./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor393636449 <...> resumed>, child_tidptr=0x55556b85b690) = 8315 [pid 5830] umount2("./216/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8315] <... set_robust_list resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8315] chdir("./217" [pid 8314] <... ioctl resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8315] <... chdir resumed>) = 0 [pid 5834] <... ioctl resumed>) = 0 [pid 8315] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] close(3 [pid 8315] <... prctl resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 8315] setpgid(0, 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8315] <... setpgid resumed>) = 0 [pid 8315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8315] write(3, "1000", 4) = 4 [pid 8315] close(3) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8316 ./strace-static-x86_64: Process 8316 attached [pid 8315] symlink("/dev/binderfs", "./binderfs" [pid 8314] close(3) = 0 executing program [pid 8316] set_robust_list(0x55556b85b6a0, 24 [pid 8315] <... symlink resumed>) = 0 [pid 8314] close(4 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./210/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./210/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8315] write(1, "executing program\n", 18 [pid 5832] umount2("./210/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8316] <... set_robust_list resumed>) = 0 [pid 8315] <... write resumed>) = 18 [pid 8314] <... close resumed>) = 0 [pid 8316] chdir("./214" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./216/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8316] <... chdir resumed>) = 0 [pid 8314] mkdir("./file1", 0777 [pid 8315] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8315] <... futex resumed>) = 0 [pid 8315] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8316] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8314] <... mkdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./216/file1", [pid 8315] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5832] openat(AT_FDCWD, "./210/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8316] <... prctl resumed>) = 0 [pid 8315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8314] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5832] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] newfstatat(4, "", [pid 8315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8315] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] getdents64(4, [pid 8315] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] umount2("./216/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8316] setpgid(0, 0 [pid 8315] <... mprotect resumed>) = 0 [pid 5832] getdents64(4, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8316] <... setpgid resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./216/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8315] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] <... openat resumed>) = 4 [pid 8315] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] close(4 [pid 8316] <... openat resumed>) = 3 [pid 8315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] <... close resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 8316] write(3, "1000", 4) = 4 [pid 5832] rmdir("./210/file1" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8316] close(3 [pid 8315] <... clone3 resumed> => {parent_tid=[8317]}, 88) = 8317 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] getdents64(4, [pid 8315] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] umount2("./210/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8317 attached [pid 8315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8316] <... close resumed>) = 0 [pid 8315] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] newfstatat(AT_FDCWD, "./210/binderfs", [pid 8315] <... futex resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8316] symlink("/dev/binderfs", "./binderfs" [pid 8315] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] unlink("./210/binderfs") = 0 [pid 5830] getdents64(4, [pid 8316] <... symlink resumed>) = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 8316] write(1, "executing program\n", 18 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 executing program [ 203.913814][ T8314] loop3: detected capacity change from 0 to 256 [pid 5832] <... close resumed>) = 0 [pid 8317] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8316] <... write resumed>) = 18 [pid 5832] rmdir("./210" [pid 5830] close(4 [pid 8317] <... rseq resumed>) = 0 [pid 8317] set_robust_list(0x7f300ac489a0, 24 [pid 8316] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8317] <... set_robust_list resumed>) = 0 [pid 5832] mkdir("./211", 0777 [pid 8317] rt_sigprocmask(SIG_SETMASK, [], [pid 8316] <... futex resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] rmdir("./216/file1" [pid 8317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8316] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8317] memfd_create("syzkaller", 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] <... rmdir resumed>) = 0 [pid 8317] <... memfd_create resumed>) = 3 [pid 8316] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... openat resumed>) = 3 [pid 5830] umount2("./216/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8317] <... mmap resumed>) = 0x7f3002800000 [pid 8316] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8317] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] close(3 [pid 8317] <... write resumed>) = 131072 [pid 8316] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] <... close resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./216/binderfs", [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8317] munmap(0x7f3002800000, 138412032) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8318 [pid 8317] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8317] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 8317] ioctl(4, LOOP_CLR_FD) = 0 [pid 8316] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8316] <... mprotect resumed>) = 0 [pid 5830] unlink("./216/binderfs"./strace-static-x86_64: Process 8318 attached [pid 8317] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 8316] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8317] close(4) = 0 [pid 8316] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 8318] set_robust_list(0x55556b85b6a0, 24 [pid 8317] close(3 [pid 8318] <... set_robust_list resumed>) = 0 [pid 8317] <... close resumed>) = 0 [pid 8316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5830] getdents64(3, [pid 8317] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8318] chdir("./211" [pid 8317] <... futex resumed>) = 1 [pid 8315] <... futex resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8319 attached [pid 8318] <... chdir resumed>) = 0 [pid 8315] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] close(3 [pid 8319] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8317] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8315] <... futex resumed>) = 0 [pid 8315] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8316] <... clone3 resumed> => {parent_tid=[8319]}, 88) = 8319 [pid 5830] <... close resumed>) = 0 [pid 8318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8317] <... openat resumed>) = 3 [pid 8316] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] rmdir("./216" [pid 8319] <... rseq resumed>) = 0 [pid 8318] setpgid(0, 0 [pid 8316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8317] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8315] <... futex resumed>) = 0 [pid 8315] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8315] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8319] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8317] mkdir("./file2", 0777 [pid 8319] rt_sigprocmask(SIG_SETMASK, [], [pid 8317] <... mkdir resumed>) = 0 [pid 8316] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] mkdir("./217", 0777 [pid 8318] <... setpgid resumed>) = 0 [pid 8316] <... futex resumed>) = 0 [pid 8319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8317] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8319] memfd_create("syzkaller", 0 [pid 8315] <... futex resumed>) = ? [pid 5830] <... mkdir resumed>) = 0 [pid 8319] <... memfd_create resumed>) = 3 [pid 8318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8317] +++ killed by SIGSEGV +++ [pid 8316] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8315] +++ killed by SIGSEGV +++ [pid 8314] <... mount resumed>) = 0 [pid 8319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8314] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8315, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=0} --- [pid 8319] <... mmap resumed>) = 0x7f3002800000 [pid 8318] <... openat resumed>) = 3 [pid 8314] <... openat resumed>) = 3 [pid 8319] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8318] write(3, "1000", 4 [pid 8314] chdir("./file1" [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] umount2("./217", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8318] <... write resumed>) = 4 [pid 8314] <... chdir resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 8319] <... write resumed>) = 131072 [pid 8318] close(3 [pid 8314] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8314] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] getdents64(3, 0x55556b85c730 /* 5 entries */, 32768) = 144 [pid 5831] umount2("./217/devices.list", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./217/devices.list", [pid 8318] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8318] symlink("/dev/binderfs", "./binderfs" [pid 8314] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] unlink("./217/devices.list" [pid 8314] <... futex resumed>) = 1 [pid 8311] <... futex resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 8319] munmap(0x7f3002800000, 138412032 [pid 8314] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8311] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] umount2("./217/binderfs", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 8319] <... munmap resumed>) = 0 [pid 8318] <... symlink resumed>) = 0 [pid 8314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8311] <... futex resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... ioctl resumed>) = 0 [pid 8314] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8311] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] newfstatat(AT_FDCWD, "./217/binderfs", [pid 8318] write(1, "executing program\n", 18 [pid 8314] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] close(3 [pid 8319] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8318] <... write resumed>) = 18 [pid 5831] unlink("./217/binderfs" [pid 5830] <... close resumed>) = 0 [pid 8319] <... openat resumed>) = 4 [pid 8314] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... unlink resumed>) = 0 [pid 8319] ioctl(4, LOOP_SET_FD, 3 [pid 8314] <... futex resumed>) = 1 [ 203.980015][ T8314] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8311] <... futex resumed>) = 0 [pid 5831] umount2("./217/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8318] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8314] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8311] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8318] <... futex resumed>) = 0 [pid 8311] <... futex resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./217/file2", ./strace-static-x86_64: Process 8320 attached [pid 8318] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8311] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8320] set_robust_list(0x55556b85b6a0, 24 [pid 8318] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] umount2("./217/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8320 [pid 8320] <... set_robust_list resumed>) = 0 [pid 8318] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8320] chdir("./217" [pid 8318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8314] mkdir("./file2", 0777 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8320] <... chdir resumed>) = 0 [pid 8318] <... mmap resumed>) = 0x7f300ac28000 [pid 8320] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8318] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8320] <... prctl resumed>) = 0 [pid 8318] <... mprotect resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./217/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8320] setpgid(0, 0 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", [pid 8318] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8320] <... setpgid resumed>) = 0 [pid 8318] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] getdents64(4, [pid 8318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8321 attached [pid 8320] <... openat resumed>) = 3 [pid 8319] <... ioctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8320] write(3, "1000", 4 [pid 8319] close(3 [pid 8318] <... clone3 resumed> => {parent_tid=[8321]}, 88) = 8321 [pid 8320] <... write resumed>) = 4 [pid 8319] <... close resumed>) = 0 [pid 8318] rt_sigprocmask(SIG_SETMASK, [], [pid 8320] close(3 [pid 8319] close(4 [pid 8321] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8320] <... close resumed>) = 0 [pid 8318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] getdents64(4, [pid 8320] symlink("/dev/binderfs", "./binderfs" [pid 8318] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 8318] <... futex resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./217/file2" [pid 8320] <... symlink resumed>) = 0 [pid 8318] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... rmdir resumed>) = 0 [pid 5831] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./217") = 0 [pid 8321] <... rseq resumed>) = 0 [pid 8320] write(1, "executing program\n", 18 [pid 8319] <... close resumed>) = 0 [pid 8311] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] mkdir("./218", 0777executing program [pid 8321] set_robust_list(0x7f300ac489a0, 24 [pid 8320] <... write resumed>) = 18 [pid 8319] mkdir("./file1", 0777 [pid 8311] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... mkdir resumed>) = 0 [pid 8311] <... futex resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8319] <... mkdir resumed>) = 0 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8321] <... set_robust_list resumed>) = 0 [pid 8320] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] close(3 [pid 8320] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8311] <... mmap resumed>) = 0x7f300ac07000 [pid 5831] <... close resumed>) = 0 [pid 8311] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8322 attached [pid 8311] <... mprotect resumed>) = 0 [pid 8320] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8311] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8322 [pid 8321] rt_sigprocmask(SIG_SETMASK, [], [pid 8320] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [ 204.044472][ T8319] loop4: detected capacity change from 0 to 256 [ 204.070580][ T8314] exFAT-fs (loop3): error, data size is invalid(9000) [ 204.077426][ T8314] exFAT-fs (loop3): Filesystem has been set read-only [pid 8322] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8321] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8320] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8319] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8322] chdir("./218" [pid 8314] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8311] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8322] <... chdir resumed>) = 0 [pid 8314] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8322] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 8323 attached [pid 8322] <... prctl resumed>) = 0 [pid 8311] <... clone3 resumed> ) = ? [pid 8323] +++ killed by SIGSEGV +++ [pid 8322] setpgid(0, 0 [pid 8321] memfd_create("syzkaller", 0 [pid 8320] <... mmap resumed>) = 0x7f300ac28000 [pid 8322] <... setpgid resumed>) = 0 [pid 8321] <... memfd_create resumed>) = 3 [pid 8320] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8320] <... mprotect resumed>) = 0 [pid 8322] <... openat resumed>) = 3 [pid 8321] <... mmap resumed>) = 0x7f3002800000 [pid 8320] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8322] write(3, "1000", 4) = 4 [pid 8322] close(3) = 0 [pid 8322] symlink("/dev/binderfs", "./binderfs" [pid 8321] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8320] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8322] <... symlink resumed>) = 0 [pid 8320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8314] +++ killed by SIGSEGV +++ [pid 8311] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 8324 attached [pid 8320] <... clone3 resumed> => {parent_tid=[8324]}, 88) = 8324 [pid 8322] write(1, "executing program\n", 18executing program [pid 8320] rt_sigprocmask(SIG_SETMASK, [], [pid 8322] <... write resumed>) = 18 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8311, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8324] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8322] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8320] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8324] <... rseq resumed>) = 0 [pid 8322] <... futex resumed>) = 0 [pid 8324] set_robust_list(0x7f300ac489a0, 24 [pid 8322] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8320] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... restart_syscall resumed>) = 0 [pid 8320] <... futex resumed>) = 0 [pid 8324] <... set_robust_list resumed>) = 0 [pid 8322] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8324] rt_sigprocmask(SIG_SETMASK, [], [pid 8322] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8320] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8321] <... write resumed>) = 131072 [pid 5833] umount2("./216", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8324] memfd_create("syzkaller", 0 [pid 8322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8322] <... mmap resumed>) = 0x7f300ac28000 [pid 8324] <... memfd_create resumed>) = 3 [pid 8322] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8322] <... mprotect resumed>) = 0 [pid 8324] <... mmap resumed>) = 0x7f3002800000 [pid 8322] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8324] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8322] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8321] munmap(0x7f3002800000, 138412032 [pid 5833] openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 ./strace-static-x86_64: Process 8325 attached [pid 8321] <... munmap resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 8322] <... clone3 resumed> => {parent_tid=[8325]}, 88) = 8325 [pid 8321] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8322] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] getdents64(3, [pid 8322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8325] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8322] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8325] <... rseq resumed>) = 0 [pid 8322] <... futex resumed>) = 0 [pid 8321] <... openat resumed>) = 4 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8325] set_robust_list(0x7f300ac489a0, 24 [pid 8324] <... write resumed>) = 131072 [pid 8322] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8321] ioctl(4, LOOP_SET_FD, 3 [pid 5833] umount2("./216/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8325] <... set_robust_list resumed>) = 0 [pid 8325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8324] munmap(0x7f3002800000, 138412032 [pid 8325] memfd_create("syzkaller", 0 [pid 8324] <... munmap resumed>) = 0 [pid 8325] <... memfd_create resumed>) = 3 [pid 5833] <... umount2 resumed>) = 0 [pid 8325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8324] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] umount2("./216/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8325] <... mmap resumed>) = 0x7f3002800000 [pid 8324] <... openat resumed>) = 4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8325] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8324] ioctl(4, LOOP_SET_FD, 3 [pid 5833] newfstatat(AT_FDCWD, "./216/file1", [pid 8321] <... ioctl resumed>) = 0 [pid 8325] <... write resumed>) = 131072 [pid 8321] close(3 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./216/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./216/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8325] munmap(0x7f3002800000, 138412032 [pid 5833] newfstatat(4, "", [pid 8325] <... munmap resumed>) = 0 [pid 8321] <... close resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8321] close(4 [pid 8325] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] getdents64(4, [pid 8321] <... close resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8325] <... openat resumed>) = 4 [ 204.162797][ T8319] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 204.186924][ T8321] loop2: detected capacity change from 0 to 256 [ 204.205956][ T8324] loop0: detected capacity change from 0 to 256 [pid 8325] ioctl(4, LOOP_SET_FD, 3 [pid 8321] mkdir("./file1", 0777) = 0 [pid 8324] <... ioctl resumed>) = 0 [pid 8321] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8319] <... mount resumed>) = 0 [pid 5833] getdents64(4, [pid 8324] close(3) = 0 [pid 8325] <... ioctl resumed>) = 0 [pid 8324] close(4 [pid 8319] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8325] close(3 [pid 8319] <... openat resumed>) = 3 [pid 5833] close(4 [pid 8325] <... close resumed>) = 0 [pid 8324] <... close resumed>) = 0 [pid 8319] chdir("./file1" [pid 5833] <... close resumed>) = 0 [pid 8325] close(4 [pid 8324] mkdir("./file1", 0777 [pid 8319] <... chdir resumed>) = 0 [pid 8325] <... close resumed>) = 0 [pid 5833] rmdir("./216/file1" [pid 8325] mkdir("./file1", 0777 [pid 8324] <... mkdir resumed>) = 0 [pid 8319] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] <... rmdir resumed>) = 0 [pid 8319] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8325] <... mkdir resumed>) = 0 [pid 8324] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8319] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] umount2("./216/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8325] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8321] <... mount resumed>) = 0 [pid 8319] <... futex resumed>) = 1 [pid 8316] <... futex resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 204.223941][ T8325] loop1: detected capacity change from 0 to 256 [ 204.244325][ T8321] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8321] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8319] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8316] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(AT_FDCWD, "./216/binderfs", [pid 8321] <... openat resumed>) = 3 [pid 8321] chdir("./file1" [pid 8316] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8321] <... chdir resumed>) = 0 [pid 8316] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] unlink("./216/binderfs" [pid 8321] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5833] <... unlink resumed>) = 0 [pid 8321] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(3, [pid 8321] <... futex resumed>) = 1 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8321] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8319] <... openat resumed>) = 4 [pid 8318] <... futex resumed>) = 0 [pid 5833] close(3 [pid 8325] <... mount resumed>) = 0 [pid 8324] <... mount resumed>) = 0 [pid 8319] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8318] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... close resumed>) = 0 [pid 8321] <... futex resumed>) = 0 [pid 8319] <... futex resumed>) = 1 [pid 8318] <... futex resumed>) = 1 [pid 5833] rmdir("./216" [pid 8325] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8324] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8321] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8319] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8318] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8316] <... futex resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8325] <... openat resumed>) = 3 [pid 8324] <... openat resumed>) = 3 [pid 8321] <... openat resumed>) = 4 [pid 8316] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8325] chdir("./file1" [pid 8324] chdir("./file1" [pid 8321] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 204.272134][ T8324] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 204.306634][ T8325] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8316] <... futex resumed>) = 0 [pid 5833] mkdir("./217", 0777 [pid 8321] <... futex resumed>) = 0 [pid 8319] mkdir("./file2", 0777 [pid 8324] <... chdir resumed>) = 0 [pid 8316] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8324] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8321] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8318] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... mkdir resumed>) = 0 [pid 8325] <... chdir resumed>) = 0 [pid 8324] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8321] mkdir("./file2", 0777 [pid 8318] <... futex resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8325] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8324] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8320] <... futex resumed>) = 0 [pid 8318] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8325] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8324] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8320] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8320] <... futex resumed>) = 0 [pid 8324] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8320] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8325] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8324] <... openat resumed>) = 4 [pid 5833] <... openat resumed>) = 3 [pid 8325] <... futex resumed>) = 1 [pid 8324] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8325] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8320] <... futex resumed>) = 0 [ 204.336362][ T8319] exFAT-fs (loop4): error, data size is invalid(9000) [ 204.346080][ T8321] exFAT-fs (loop2): error, data size is invalid(9000) [ 204.361370][ T8321] exFAT-fs (loop2): Filesystem has been set read-only [ 204.370013][ T8319] exFAT-fs (loop4): Filesystem has been set read-only [pid 8324] <... futex resumed>) = 1 [pid 8322] <... futex resumed>) = 0 [pid 8320] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8324] mkdir("./file2", 0777 [pid 8316] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... ioctl resumed>) = 0 [pid 8320] <... futex resumed>) = 0 [pid 8316] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8316] <... futex resumed>) = 0 [pid 8322] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8320] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8322] <... futex resumed>) = 1 [pid 8321] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8322] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8321] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8319] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8319] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8318] <... futex resumed>) = ? [pid 8321] +++ killed by SIGSEGV +++ [pid 8318] +++ killed by SIGSEGV +++ [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8326 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8318, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8325] <... futex resumed>) = 0 ./strace-static-x86_64: Process 8326 attached [pid 8325] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8319] +++ killed by SIGSEGV +++ [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./211", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./211/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8324] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8326] set_robust_list(0x55556b85b6a0, 24 [pid 8325] <... openat resumed>) = 4 [pid 5832] <... umount2 resumed>) = 0 [pid 8326] <... set_robust_list resumed>) = 0 [pid 8325] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./211/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./211/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8325] <... futex resumed>) = 1 [pid 8322] <... futex resumed>) = 0 [pid 8316] +++ killed by SIGSEGV +++ [pid 8326] chdir("./217" [pid 8325] mkdir("./file2", 0777 [pid 8322] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8316, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] umount2("./211/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8326] <... chdir resumed>) = 0 [pid 8322] <... futex resumed>) = 0 [pid 8322] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8326] setpgid(0, 0) = 0 [pid 5832] openat(AT_FDCWD, "./211/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... openat resumed>) = 4 [ 204.389390][ T8324] exFAT-fs (loop0): error, data size is invalid(9000) [ 204.408966][ T8324] exFAT-fs (loop0): Filesystem has been set read-only [ 204.424567][ T8325] exFAT-fs (loop1): error, data size is invalid(9000) [pid 8326] <... openat resumed>) = 3 [pid 5832] newfstatat(4, "", [pid 8326] write(3, "1000", 4 [pid 8324] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] umount2("./214", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5834] newfstatat(3, "", [pid 8326] <... write resumed>) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8326] close(3 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 8326] <... close resumed>) = 0 [pid 8320] <... futex resumed>) = ? [pid 5834] getdents64(3, [pid 8326] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8326] <... symlink resumed>) = 0 [pid 5834] umount2("./214/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(4, executing program [pid 8326] write(1, "executing program\n", 18 [pid 5834] <... umount2 resumed>) = 0 [pid 8326] <... write resumed>) = 18 [pid 8324] +++ killed by SIGSEGV +++ [pid 8320] +++ killed by SIGSEGV +++ [pid 5834] umount2("./214/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8326] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(4 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8320, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8326] <... futex resumed>) = 0 [pid 8325] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8326] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8325] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] newfstatat(AT_FDCWD, "./214/file1", [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8326] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8322] <... futex resumed>) = ? [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8326] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5834] umount2("./214/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] <... close resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 8326] <... mmap resumed>) = 0x7f300ac28000 [pid 5834] openat(AT_FDCWD, "./214/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] rmdir("./211/file1" [pid 8326] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... openat resumed>) = 4 [pid 5832] <... rmdir resumed>) = 0 [pid 8326] <... mprotect resumed>) = 0 [pid 8325] +++ killed by SIGSEGV +++ [pid 8322] +++ killed by SIGSEGV +++ [pid 5834] newfstatat(4, "", [pid 5832] umount2("./211/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8326] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./217", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8326] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] getdents64(4, [pid 5832] newfstatat(AT_FDCWD, "./211/binderfs", [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8322, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8326] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8327 attached [pid 5834] getdents64(4, [pid 5832] unlink("./211/binderfs" [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5830] openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8326] <... clone3 resumed> => {parent_tid=[8327]}, 88) = 8327 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8326] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] close(4 [pid 5832] getdents64(3, [pid 5830] newfstatat(3, "", [pid 8327] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... close resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 8327] <... rseq resumed>) = 0 [pid 8326] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] rmdir("./214/file1" [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8327] set_robust_list(0x7f300ac489a0, 24 [pid 8326] <... futex resumed>) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5832] close(3 [pid 5830] getdents64(3, [pid 8327] <... set_robust_list resumed>) = 0 [pid 8326] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] umount2("./214/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [ 204.437337][ T8325] exFAT-fs (loop1): Filesystem has been set read-only [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./211" [pid 5831] umount2("./218", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./217/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8327] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] newfstatat(AT_FDCWD, "./214/binderfs", [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] mkdir("./212", 0777 [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./217/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./217/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./214/binderfs" [pid 5832] <... mkdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] umount2("./217/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... unlink resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 5830] openat(AT_FDCWD, "./217/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... openat resumed>) = 4 [pid 8327] memfd_create("syzkaller", 0 [pid 5831] getdents64(3, [pid 5830] newfstatat(4, "", [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(3, [pid 5832] <... ioctl resumed>) = 0 [pid 5831] umount2("./218/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(4, [pid 8327] <... memfd_create resumed>) = 3 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] close(3 [pid 5831] <... umount2 resumed>) = 0 [pid 8327] <... mmap resumed>) = 0x7f3002800000 [pid 5834] <... close resumed>) = 0 [pid 5831] umount2("./218/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(4, [pid 5834] rmdir("./214" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8327] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] <... rmdir resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./218/file1", [pid 5830] close(4 [pid 5834] mkdir("./215", 0777 [pid 5832] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... close resumed>) = 0 [pid 8327] <... write resumed>) = 131072 [pid 5834] <... mkdir resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] umount2("./218/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./217/file1" [pid 8327] munmap(0x7f3002800000, 138412032 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... rmdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./218/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8327] <... munmap resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... openat resumed>) = 4 [pid 8327] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] <... openat resumed>) = 3 [pid 5831] newfstatat(4, "", [pid 5830] umount2("./217/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8327] <... openat resumed>) = 4 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./217/binderfs", [pid 5831] getdents64(4, [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8328 attached [pid 8327] ioctl(4, LOOP_SET_FD, 3 [pid 5834] <... ioctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] unlink("./217/binderfs" [pid 8328] set_robust_list(0x55556b85b6a0, 24 [pid 5831] getdents64(4, [pid 5830] <... unlink resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(3, [pid 5834] close(3 [pid 5831] close(4 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8328 ./strace-static-x86_64: Process 8329 attached [pid 5830] close(3 [pid 5831] rmdir("./218/file1" [pid 5830] <... close resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] rmdir("./217" [pid 8329] set_robust_list(0x55556b85b6a0, 24 [pid 5831] umount2("./218/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... rmdir resumed>) = 0 [pid 8329] <... set_robust_list resumed>) = 0 [pid 8328] <... set_robust_list resumed>) = 0 [pid 8327] <... ioctl resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8329] chdir("./215" [pid 5831] newfstatat(AT_FDCWD, "./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] mkdir("./218", 0777 [pid 8329] <... chdir resumed>) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8329 [pid 5831] unlink("./218/binderfs" [pid 8329] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... mkdir resumed>) = 0 [pid 8328] chdir("./212" [pid 8329] <... prctl resumed>) = 0 [pid 8328] <... chdir resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 8328] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8329] setpgid(0, 0 [pid 8328] <... prctl resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8328] setpgid(0, 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5831] close(3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5831] <... close resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 8329] <... setpgid resumed>) = 0 [pid 5830] close(3 [pid 8328] <... setpgid resumed>) = 0 [pid 5831] rmdir("./218" [pid 5830] <... close resumed>) = 0 [pid 8328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... rmdir resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8328] <... openat resumed>) = 3 [pid 8329] <... openat resumed>) = 3 [pid 8328] write(3, "1000", 4 [pid 8329] write(3, "1000", 4) = 4 [pid 5831] mkdir("./219", 0777 [pid 8329] close(3 [pid 5831] <... mkdir resumed>) = 0 [pid 8329] <... close resumed>) = 0 [pid 8329] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8329] write(1, "executing program\n", 18 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8330 [pid 8329] <... write resumed>) = 18 [pid 5831] <... openat resumed>) = 3 [pid 8329] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8330 attached [pid 8328] <... write resumed>) = 4 [pid 8329] <... futex resumed>) = 0 [pid 8328] close(3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8329] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8328] <... close resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 8327] close(3 [pid 8329] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5831] close(3 [pid 8327] <... close resumed>) = 0 [pid 8328] symlink("/dev/binderfs", "./binderfs" [pid 8330] set_robust_list(0x55556b85b6a0, 24 [pid 8329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8330] <... set_robust_list resumed>) = 0 [pid 8329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8328] <... symlink resumed>) = 0 [pid 8327] close(4executing program [pid 8329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8328] write(1, "executing program\n", 18 [pid 8327] <... close resumed>) = 0 [pid 8330] chdir("./218" [pid 8327] mkdir("./file1", 0777 [pid 8328] <... write resumed>) = 18 [pid 8329] <... mmap resumed>) = 0x7f300ac28000 [pid 8329] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8330] <... chdir resumed>) = 0 [pid 8329] <... mprotect resumed>) = 0 [pid 8328] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8327] <... mkdir resumed>) = 0 [pid 8330] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8328] <... futex resumed>) = 0 [pid 8327] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8328] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8328] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 8331 attached [pid 8330] <... prctl resumed>) = 0 [pid 8328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8331] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8329] <... clone3 resumed> => {parent_tid=[8331]}, 88) = 8331 [pid 8328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8330] setpgid(0, 0 [pid 8331] <... rseq resumed>) = 0 [pid 8329] rt_sigprocmask(SIG_SETMASK, [], [pid 8328] <... mmap resumed>) = 0x7f300ac28000 [pid 8331] set_robust_list(0x7f300ac489a0, 24 [pid 8329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8328] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8330] <... setpgid resumed>) = 0 [pid 8331] <... set_robust_list resumed>) = 0 [pid 8329] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8331] rt_sigprocmask(SIG_SETMASK, [], [pid 8329] <... futex resumed>) = 0 [pid 8331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8329] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8328] <... mprotect resumed>) = 0 [pid 8331] memfd_create("syzkaller", 0 [pid 8330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8328] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8331] <... memfd_create resumed>) = 3 [pid 8330] <... openat resumed>) = 3 [pid 8328] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8330] write(3, "1000", 4 [pid 8331] <... mmap resumed>) = 0x7f3002800000 [pid 8328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8331] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8330] <... write resumed>) = 4 [pid 5831] <... close resumed>) = 0 ./strace-static-x86_64: Process 8332 attached [pid 8330] close(3 [pid 8331] <... write resumed>) = 131072 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8333 attached [ 204.520404][ T8327] loop3: detected capacity change from 0 to 256 [pid 8332] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8331] munmap(0x7f3002800000, 138412032 [pid 8330] <... close resumed>) = 0 [pid 8328] <... clone3 resumed> => {parent_tid=[8332]}, 88) = 8332 [pid 8328] rt_sigprocmask(SIG_SETMASK, [], [pid 8330] symlink("/dev/binderfs", "./binderfs" [pid 8328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8330] <... symlink resumed>) = 0 [pid 8328] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8333 executing program [pid 8330] write(1, "executing program\n", 18 [pid 8328] <... futex resumed>) = 0 [pid 8330] <... write resumed>) = 18 [pid 8328] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8330] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8331] <... munmap resumed>) = 0 [pid 8330] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8332] <... rseq resumed>) = 0 [pid 8330] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8333] set_robust_list(0x55556b85b6a0, 24 [pid 8332] set_robust_list(0x7f300ac489a0, 24 [pid 8330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8332] <... set_robust_list resumed>) = 0 [pid 8330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8332] rt_sigprocmask(SIG_SETMASK, [], [pid 8330] <... mmap resumed>) = 0x7f300ac28000 [pid 8333] <... set_robust_list resumed>) = 0 [pid 8330] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8333] chdir("./219" [pid 8332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8330] <... mprotect resumed>) = 0 [pid 8332] memfd_create("syzkaller", 0 [pid 8331] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8330] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8333] <... chdir resumed>) = 0 [pid 8331] <... openat resumed>) = 4 [pid 8330] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8333] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8332] <... memfd_create resumed>) = 3 [pid 8331] ioctl(4, LOOP_SET_FD, 3 [pid 8330] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8333] <... prctl resumed>) = 0 [pid 8332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8331] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 8334 attached [pid 8333] setpgid(0, 0 [pid 8332] <... mmap resumed>) = 0x7f3002800000 [pid 8331] ioctl(4, LOOP_CLR_FD [pid 8330] <... clone3 resumed> => {parent_tid=[8334]}, 88) = 8334 [pid 8333] <... setpgid resumed>) = 0 [pid 8332] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8331] <... ioctl resumed>) = 0 [pid 8330] rt_sigprocmask(SIG_SETMASK, [], [pid 8334] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8331] ioctl(4, LOOP_SET_FD, 3 [pid 8334] <... rseq resumed>) = 0 [pid 8333] <... openat resumed>) = 3 [pid 8331] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8330] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8334] set_robust_list(0x7f300ac489a0, 24 [pid 8333] write(3, "1000", 4 [pid 8332] <... write resumed>) = 131072 [pid 8331] close(4) = 0 [pid 8331] close(3 [pid 8334] <... set_robust_list resumed>) = 0 [pid 8331] <... close resumed>) = 0 [pid 8333] <... write resumed>) = 4 [pid 8331] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8334] rt_sigprocmask(SIG_SETMASK, [], [pid 8333] close(3 [pid 8331] <... futex resumed>) = 1 [pid 8330] <... futex resumed>) = 0 [pid 8329] <... futex resumed>) = 0 [pid 8334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8333] <... close resumed>) = 0 [pid 8332] munmap(0x7f3002800000, 138412032 [pid 8331] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8330] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8329] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8334] memfd_create("syzkaller", 0 [pid 8333] symlink("/dev/binderfs", "./binderfs" [pid 8332] <... munmap resumed>) = 0 [pid 8331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8329] <... futex resumed>) = 0 [pid 8327] <... mount resumed>) = 0 [pid 8333] <... symlink resumed>) = 0 [pid 8329] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8331] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000executing program [pid 8333] write(1, "executing program\n", 18 [pid 8332] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8331] <... openat resumed>) = 3 [pid 8327] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8333] <... write resumed>) = 18 [pid 8332] <... openat resumed>) = 4 [ 204.582272][ T8327] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8333] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8332] ioctl(4, LOOP_SET_FD, 3 [pid 8331] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8327] <... openat resumed>) = 3 [pid 8334] <... memfd_create resumed>) = 3 [pid 8333] <... futex resumed>) = 0 [pid 8331] <... futex resumed>) = 1 [pid 8331] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8333] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8333] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8329] <... futex resumed>) = 0 [pid 8327] chdir("./file1" [pid 8333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8329] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8327] <... chdir resumed>) = 0 [pid 8333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8327] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8333] <... mmap resumed>) = 0x7f300ac28000 [pid 8327] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8333] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8327] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8333] <... mprotect resumed>) = 0 [pid 8331] <... futex resumed>) = 0 [pid 8329] <... futex resumed>) = 1 [pid 8327] <... futex resumed>) = 1 [pid 8326] <... futex resumed>) = 0 [pid 8334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8333] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8331] mkdir("./file2", 0777 [pid 8329] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8327] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8326] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8334] <... mmap resumed>) = 0x7f3002800000 [pid 8333] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8331] <... mkdir resumed>) = 0 [pid 8327] <... openat resumed>) = 4 [pid 8326] <... futex resumed>) = 0 [pid 8333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8331] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8327] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8326] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8335 attached [pid 8329] <... futex resumed>) = ? [pid 8327] <... futex resumed>) = 0 [pid 8326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8335] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8333] <... clone3 resumed> => {parent_tid=[8335]}, 88) = 8335 [pid 8331] +++ killed by SIGSEGV +++ [pid 8327] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8326] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8335] <... rseq resumed>) = 0 [pid 8333] rt_sigprocmask(SIG_SETMASK, [], [pid 8327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8326] <... futex resumed>) = 0 [pid 8335] set_robust_list(0x7f300ac489a0, 24 [pid 8334] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8332] <... ioctl resumed>) = 0 [pid 8329] +++ killed by SIGSEGV +++ [pid 8327] mkdir("./file2", 0777 [pid 8326] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8335] <... set_robust_list resumed>) = 0 [pid 8334] <... write resumed>) = 131072 [pid 8333] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8329, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 8335] rt_sigprocmask(SIG_SETMASK, [], [pid 8333] <... futex resumed>) = 0 [pid 8332] close(3 [pid 8335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8333] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8332] <... close resumed>) = 0 [pid 8335] memfd_create("syzkaller", 0 [pid 8332] close(4 [pid 8335] <... memfd_create resumed>) = 3 [pid 8332] <... close resumed>) = 0 [pid 8335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8332] mkdir("./file1", 0777 [pid 8335] <... mmap resumed>) = 0x7f3002800000 [pid 8334] munmap(0x7f3002800000, 138412032 [pid 8332] <... mkdir resumed>) = 0 [pid 8335] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8332] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8334] <... munmap resumed>) = 0 [ 204.626589][ T8332] loop2: detected capacity change from 0 to 256 [ 204.654827][ T8327] exFAT-fs (loop3): error, data size is invalid(9000) [pid 8335] <... write resumed>) = 131072 [pid 8334] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8327] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8334] <... openat resumed>) = 4 [pid 8334] ioctl(4, LOOP_SET_FD, 3 [pid 5834] umount2("./215", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8335] munmap(0x7f3002800000, 138412032 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8335] <... munmap resumed>) = 0 [pid 8327] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8335] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8326] <... futex resumed>) = ? [pid 5834] <... openat resumed>) = 3 [pid 8335] <... openat resumed>) = 4 [pid 5834] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(3, [pid 8335] ioctl(4, LOOP_SET_FD, 3 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 5 entries */, 32768) = 144 [pid 8334] <... ioctl resumed>) = 0 [pid 8334] close(3 [pid 8327] +++ killed by SIGSEGV +++ [pid 8326] +++ killed by SIGSEGV +++ [pid 5834] umount2("./215/devices.list", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./215/devices.list", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./215/devices.list") = 0 [pid 8334] <... close resumed>) = 0 [pid 5834] umount2("./215/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8334] close(4 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8334] <... close resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./215/binderfs", [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8326, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8334] mkdir("./file1", 0777 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8334] <... mkdir resumed>) = 0 [pid 5834] unlink("./215/binderfs" [pid 8334] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5834] <... unlink resumed>) = 0 [pid 5833] umount2("./217", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] umount2("./215/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./215/file2", [pid 5833] <... openat resumed>) = 3 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./215/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(3, "", [pid 5834] openat(AT_FDCWD, "./215/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... openat resumed>) = 4 [pid 5833] getdents64(3, [pid 5834] newfstatat(4, "", [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] umount2("./217/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4) = 0 [pid 5834] rmdir("./215/file2") = 0 [pid 8335] <... ioctl resumed>) = 0 [pid 5834] getdents64(3, [pid 8335] close(3) = 0 [pid 8335] close(4) = 0 [ 204.671299][ T8327] exFAT-fs (loop3): Filesystem has been set read-only [ 204.684063][ T8334] loop0: detected capacity change from 0 to 256 [ 204.696405][ T8332] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 204.713414][ T8335] loop1: detected capacity change from 0 to 256 [pid 8335] mkdir("./file1", 0777 [pid 8332] <... mount resumed>) = 0 [pid 8335] <... mkdir resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./217/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] close(3 [pid 5833] newfstatat(AT_FDCWD, "./217/file1", [pid 5834] <... close resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] rmdir("./215" [pid 5833] umount2("./217/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... rmdir resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./217/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8335] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8332] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5834] mkdir("./216", 0777 [pid 8332] chdir("./file1" [pid 5834] <... mkdir resumed>) = 0 [pid 8332] <... chdir resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8332] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5834] <... openat resumed>) = 3 [pid 8332] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8332] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8332] <... futex resumed>) = 1 [pid 8328] <... futex resumed>) = 0 [pid 5834] close(3 [pid 8332] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8328] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... close resumed>) = 0 [pid 5833] <... openat resumed>) = 4 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] newfstatat(4, "", [pid 8328] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, [pid 8328] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 8336 attached [pid 8332] <... openat resumed>) = 4 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8336 [pid 5833] getdents64(4, [pid 8332] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8332] <... futex resumed>) = 1 [pid 5833] close(4 [pid 8328] <... futex resumed>) = 0 [pid 8332] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] <... close resumed>) = 0 [pid 8336] set_robust_list(0x55556b85b6a0, 24 [pid 5833] rmdir("./217/file1" [pid 8336] <... set_robust_list resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8336] chdir("./216" [ 204.764190][ T8334] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5833] umount2("./217/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8336] <... chdir resumed>) = 0 [pid 8328] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8328] <... futex resumed>) = 1 [pid 8332] <... futex resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./217/binderfs", [pid 8336] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8336] <... prctl resumed>) = 0 [pid 5833] unlink("./217/binderfs") = 0 [pid 8336] setpgid(0, 0) = 0 [pid 8336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8336] <... openat resumed>) = 3 [pid 5833] close(3) = 0 [pid 5833] rmdir("./217" [pid 8336] write(3, "1000", 4 [pid 5833] <... rmdir resumed>) = 0 [pid 8336] <... write resumed>) = 4 [pid 5833] mkdir("./218", 0777 [pid 8336] close(3 [pid 5833] <... mkdir resumed>) = 0 [pid 8336] <... close resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8336] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8332] mkdir("./file2", 0777 [pid 8328] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 8336] write(1, "executing program\n", 18) = 18 [pid 8334] <... mount resumed>) = 0 [pid 8336] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8336] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8336] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8334] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8334] <... openat resumed>) = 3 [pid 8336] <... mmap resumed>) = 0x7f300ac28000 [pid 8334] chdir("./file1" [pid 8336] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8334] <... chdir resumed>) = 0 [pid 8336] <... mprotect resumed>) = 0 [pid 8334] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8336] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8334] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8334] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8336] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8334] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8337 attached => {parent_tid=[8337]}, 88) = 8337 [pid 8336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8336] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8337] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8336] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8337] <... rseq resumed>) = 0 [pid 8337] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8337] memfd_create("syzkaller", 0 [pid 8335] <... mount resumed>) = 0 [pid 8337] <... memfd_create resumed>) = 3 [pid 8337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8335] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8335] chdir("./file1" [pid 8330] <... futex resumed>) = 0 [pid 8335] <... chdir resumed>) = 0 [pid 8330] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8337] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8335] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8337] <... write resumed>) = 131072 [pid 8335] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8335] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8333] <... futex resumed>) = 0 [pid 8333] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8335] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8333] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8337] munmap(0x7f3002800000, 138412032 [pid 8335] <... openat resumed>) = 4 [pid 8337] <... munmap resumed>) = 0 [pid 8334] <... futex resumed>) = 0 [pid 8330] <... futex resumed>) = 1 [pid 8334] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8330] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... openat resumed>) = 3 [pid 8337] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8335] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8334] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8337] <... openat resumed>) = 4 [pid 8335] <... futex resumed>) = 1 [pid 8334] <... futex resumed>) = 0 [pid 8333] <... futex resumed>) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 8335] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8334] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8333] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] close(3 [ 204.815359][ T8335] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 204.839333][ T8332] exFAT-fs (loop2): error, data size is invalid(9000) [ 204.846235][ T8332] exFAT-fs (loop2): Filesystem has been set read-only [pid 8337] ioctl(4, LOOP_SET_FD, 3 [pid 8335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8333] <... futex resumed>) = 0 [pid 8330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8333] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8335] mkdir("./file2", 0777 [pid 8332] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8330] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8328] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... close resumed>) = 0 [pid 8330] <... futex resumed>) = 1 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8338 attached [pid 8334] <... futex resumed>) = 0 [pid 8332] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8330] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8328] ???( [pid 8334] mkdir("./file2", 0777 [pid 8328] <... ??? resumed>) = ? [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8338 [pid 8338] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8338] chdir("./218") = 0 [pid 8338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8338] setpgid(0, 0) = 0 [pid 8338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8338] write(3, "1000", 4 [pid 8337] <... ioctl resumed>) = 0 [pid 8338] <... write resumed>) = 4 [pid 8337] close(3 [pid 8338] close(3 [pid 8337] <... close resumed>) = 0 [pid 8338] <... close resumed>) = 0 [pid 8337] close(4 [pid 8338] symlink("/dev/binderfs", "./binderfs" [pid 8337] <... close resumed>) = 0 [pid 8338] <... symlink resumed>) = 0 [pid 8337] mkdir("./file1", 0777executing program [pid 8338] write(1, "executing program\n", 18 [pid 8337] <... mkdir resumed>) = 0 [pid 8338] <... write resumed>) = 18 [pid 8337] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8338] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8338] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8338] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8338] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8338] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8333] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8338] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8333] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8333] <... futex resumed>) = 0 ./strace-static-x86_64: Process 8339 attached [pid 8333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8338] <... clone3 resumed> => {parent_tid=[8339]}, 88) = 8339 [pid 8333] <... mmap resumed>) = 0x7f300ac07000 [pid 8338] rt_sigprocmask(SIG_SETMASK, [], [pid 8333] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8333] <... mprotect resumed>) = 0 [pid 8338] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 204.885210][ T8335] exFAT-fs (loop1): error, data size is invalid(9000) [ 204.899025][ T8337] loop4: detected capacity change from 0 to 256 [ 204.905815][ T8334] exFAT-fs (loop0): error, data size is invalid(9000) [ 204.913402][ T8335] exFAT-fs (loop1): Filesystem has been set read-only [pid 8333] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8338] <... futex resumed>) = 0 [pid 8333] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8338] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8339] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8330] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8339] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8332] +++ killed by SIGSEGV +++ [pid 8330] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8328] +++ killed by SIGSEGV +++ [pid 8339] rt_sigprocmask(SIG_SETMASK, [], [pid 8333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8328, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8339] memfd_create("syzkaller", 0 [pid 8335] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8339] <... memfd_create resumed>) = 3 [pid 8335] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8333] <... clone3 resumed> => {parent_tid=[8340]}, 88) = 8340 [pid 8339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8339] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8337] <... mount resumed>) = 0 [pid 8330] <... futex resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 8339] <... write resumed>) = 131072 [pid 8330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 8340 attached [pid 8335] +++ killed by SIGSEGV +++ [pid 8330] <... mmap resumed>) = 0x7f300ac07000 [pid 5832] umount2("./212", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8339] munmap(0x7f3002800000, 138412032 [pid 8337] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8340] +++ killed by SIGSEGV +++ [pid 8339] <... munmap resumed>) = 0 [pid 8337] <... openat resumed>) = 3 [pid 8333] +++ killed by SIGSEGV +++ [pid 8330] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5832] <... openat resumed>) = 3 [pid 8339] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8337] chdir("./file1" [pid 5832] newfstatat(3, "", [pid 8339] <... openat resumed>) = 4 [pid 8337] <... chdir resumed>) = 0 [pid 8330] <... mprotect resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8339] ioctl(4, LOOP_SET_FD, 3 [pid 8337] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8330] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8333, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8337] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8330] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] getdents64(3, [pid 8337] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8330] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5831] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 8341 attached [pid 8337] <... futex resumed>) = 1 [pid 8336] <... futex resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8341] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8337] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 204.942529][ T8337] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 204.957458][ T8334] exFAT-fs (loop0): Filesystem has been set read-only [pid 8336] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8330] <... clone3 resumed> => {parent_tid=[8341]}, 88) = 8341 [pid 5832] umount2("./212/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8341] <... rseq resumed>) = 0 [pid 8337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8336] <... futex resumed>) = 0 [pid 8334] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8330] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 8341] set_robust_list(0x7f300ac279a0, 24 [pid 8337] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8341] <... set_robust_list resumed>) = 0 [pid 8339] <... ioctl resumed>) = 0 [pid 8337] <... openat resumed>) = 4 [pid 8336] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8334] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8330] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./212/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8339] close(3 [pid 8337] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8330] <... futex resumed>) = ? [pid 8341] +++ killed by SIGSEGV +++ [pid 8339] <... close resumed>) = 0 [pid 8337] <... futex resumed>) = 1 [pid 8336] <... futex resumed>) = 0 [pid 8334] +++ killed by SIGSEGV +++ [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./219", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8339] close(4 [pid 8337] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8336] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8330] +++ killed by SIGSEGV +++ [pid 5832] newfstatat(AT_FDCWD, "./212/file1", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8339] <... close resumed>) = 0 [pid 8337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8336] <... futex resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8339] mkdir("./file1", 0777 [pid 8337] mkdir("./file2", 0777 [pid 8336] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] umount2("./212/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 8339] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8330, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] openat(AT_FDCWD, "./212/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] newfstatat(3, "", [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 5831] getdents64(3, [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] getdents64(4, [pid 5831] umount2("./219/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] umount2("./218", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(4, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8339] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... umount2 resumed>) = 0 [pid 5832] close(4 [pid 5831] umount2("./219/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(3, "", [pid 5832] rmdir("./212/file1" [pid 5831] newfstatat(AT_FDCWD, "./219/file1", [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] getdents64(3, [pid 5831] umount2("./219/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./218/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./219/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] umount2("./212/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./212/binderfs", [pid 5831] newfstatat(4, "", [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] unlink("./212/binderfs" [ 204.989203][ T8339] loop3: detected capacity change from 0 to 256 [ 205.012006][ T8337] exFAT-fs (loop4): error, data size is invalid(9000) [pid 5831] getdents64(4, [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(3, [pid 5831] getdents64(4, [pid 8336] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5831] close(4 [pid 8336] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] close(3 [pid 5831] <... close resumed>) = 0 [pid 5830] umount2("./218/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8336] <... futex resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] rmdir("./219/file1" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... rmdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./218/file1", [pid 5832] rmdir("./212" [pid 5831] umount2("./219/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./218/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./219/binderfs", [pid 8336] <... mmap resumed>) = 0x7f300ac07000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] openat(AT_FDCWD, "./218/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8336] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5832] mkdir("./213", 0777 [pid 5831] unlink("./219/binderfs" [pid 5830] <... openat resumed>) = 4 [pid 5831] <... unlink resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 5832] <... mkdir resumed>) = 0 [pid 8337] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5831] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8337] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8336] <... mprotect resumed>) = 0 [pid 5830] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5830] close(4 [pid 5831] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5831] rmdir("./219" [pid 5830] rmdir("./218/file1" [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] mkdir("./220", 0777 [pid 5830] umount2("./218/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8337] +++ killed by SIGSEGV +++ [pid 8336] +++ killed by SIGSEGV +++ [pid 5832] <... openat resumed>) = 3 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8336, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5832] <... ioctl resumed>) = 0 [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 5830] newfstatat(AT_FDCWD, "./218/binderfs", [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 205.054000][ T8337] exFAT-fs (loop4): Filesystem has been set read-only [ 205.063703][ T8339] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8339] <... mount resumed>) = 0 ./strace-static-x86_64: Process 8342 attached [pid 8342] set_robust_list(0x55556b85b6a0, 24 [pid 8339] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] <... restart_syscall resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8342 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] unlink("./218/binderfs" [pid 8342] <... set_robust_list resumed>) = 0 [pid 8339] <... openat resumed>) = 3 [pid 5830] <... unlink resumed>) = 0 [pid 8342] chdir("./213" [pid 8339] chdir("./file1" [pid 5831] <... openat resumed>) = 3 [pid 5830] getdents64(3, [pid 8342] <... chdir resumed>) = 0 [pid 8339] <... chdir resumed>) = 0 [pid 5834] umount2("./216", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8342] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8339] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 8342] <... prctl resumed>) = 0 [pid 8339] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(3 [pid 5830] <... close resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8342] setpgid(0, 0 [pid 8339] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 5830] rmdir("./218" [pid 8342] <... setpgid resumed>) = 0 [pid 8339] <... futex resumed>) = 1 [pid 8338] <... futex resumed>) = 0 [pid 5834] newfstatat(3, "", [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... rmdir resumed>) = 0 [pid 8342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8338] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8343 attached [pid 8342] <... openat resumed>) = 3 [pid 8338] <... futex resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8339] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8338] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] mkdir("./219", 0777 [pid 8343] set_robust_list(0x55556b85b6a0, 24 [pid 8342] write(3, "1000", 4 [pid 8339] <... openat resumed>) = 4 [pid 5834] getdents64(3, [pid 8343] <... set_robust_list resumed>) = 0 [pid 8342] <... write resumed>) = 4 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8343 [pid 5834] umount2("./216/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8343] chdir("./220" [pid 8342] close(3) = 0 [pid 8342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 8342] write(1, "executing program\n", 18 [pid 8343] <... chdir resumed>) = 0 executing program [pid 8342] <... write resumed>) = 18 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 8342] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8342] <... futex resumed>) = 0 [pid 8339] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... ioctl resumed>) = 0 [pid 8339] <... futex resumed>) = 1 [pid 8338] <... futex resumed>) = 0 [pid 5830] close(3 [pid 8338] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... close resumed>) = 0 [pid 8343] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8338] <... futex resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8343] <... prctl resumed>) = 0 [pid 8343] setpgid(0, 0 [pid 8342] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8339] mkdir("./file2", 0777 [pid 8338] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8344 attached [pid 8343] <... setpgid resumed>) = 0 [pid 8342] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8344 [pid 8342] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8342] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8342] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8344] set_robust_list(0x55556b85b6a0, 24 [pid 8343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8342] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8344] <... set_robust_list resumed>) = 0 [pid 8343] <... openat resumed>) = 3 [pid 8342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8345]}, 88) = 8345 [pid 8342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8342] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8344] chdir("./219" [pid 8343] write(3, "1000", 4 [pid 8342] <... futex resumed>) = 0 [pid 8342] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8343] <... write resumed>) = 4 [pid 8344] <... chdir resumed>) = 0 [pid 8343] close(3./strace-static-x86_64: Process 8345 attached [pid 8344] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8343] <... close resumed>) = 0 [pid 8344] <... prctl resumed>) = 0 [pid 8343] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8345] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8344] setpgid(0, 0 [pid 8343] write(1, "executing program\n", 18 [pid 5834] <... umount2 resumed>) = 0 [pid 8345] <... rseq resumed>) = 0 [pid 8343] <... write resumed>) = 18 [pid 5834] umount2("./216/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8344] <... setpgid resumed>) = 0 [pid 8345] set_robust_list(0x7f300ac489a0, 24 [pid 8343] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8345] <... set_robust_list resumed>) = 0 [pid 8345] rt_sigprocmask(SIG_SETMASK, [], [pid 8344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8345] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8344] <... openat resumed>) = 3 [pid 8343] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8345] memfd_create("syzkaller", 0 [pid 5834] newfstatat(AT_FDCWD, "./216/file1", [pid 8345] <... memfd_create resumed>) = 3 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8343] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8344] write(3, "1000", 4 [pid 8343] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] umount2("./216/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8343] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8344] <... write resumed>) = 4 [pid 8343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8344] close(3 [pid 8343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8345] <... mmap resumed>) = 0x7f3002800000 [pid 8344] <... close resumed>) = 0 [pid 8343] <... mmap resumed>) = 0x7f300ac28000 [pid 5834] openat(AT_FDCWD, "./216/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8344] symlink("/dev/binderfs", "./binderfs" [pid 8343] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8345] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8344] <... symlink resumed>) = 0 [pid 8343] <... mprotect resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 8344] write(1, "executing program\n", 18executing program [pid 8345] <... write resumed>) = 131072 [pid 8344] <... write resumed>) = 18 [pid 8343] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8338] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] newfstatat(4, "", [pid 8344] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8343] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8344] <... futex resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8344] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8344] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] getdents64(4, ./strace-static-x86_64: Process 8346 attached [pid 8344] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8343] <... clone3 resumed> => {parent_tid=[8346]}, 88) = 8346 [pid 8338] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8346] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8343] rt_sigprocmask(SIG_SETMASK, [], [pid 8338] <... futex resumed>) = 0 [pid 8338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8338] <... mmap resumed>) = 0x7f300ac07000 [pid 8338] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8343] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8338] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8346] <... rseq resumed>) = 0 [pid 8345] munmap(0x7f3002800000, 138412032 [pid 8344] <... mmap resumed>) = 0x7f300ac28000 [pid 8343] <... futex resumed>) = 0 [pid 8338] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] getdents64(4, [pid 8346] set_robust_list(0x7f300ac489a0, 24 [pid 8345] <... munmap resumed>) = 0 [pid 8343] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8346] <... set_robust_list resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8346] rt_sigprocmask(SIG_SETMASK, [], [pid 8344] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] close(4 [pid 8344] <... mprotect resumed>) = 0 [pid 8339] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5834] <... close resumed>) = 0 ./strace-static-x86_64: Process 8347 attached [pid 8346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8345] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8344] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8339] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] rmdir("./216/file1" [pid 8338] <... clone3 resumed> => {parent_tid=[8347]}, 88) = 8347 [pid 8338] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... rmdir resumed>) = 0 [pid 8344] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8346] memfd_create("syzkaller", 0 [pid 8345] <... openat resumed>) = 4 [pid 8344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [ 205.165116][ T8339] exFAT-fs (loop3): error, data size is invalid(9000) [ 205.196530][ T8339] exFAT-fs (loop3): Filesystem has been set read-only [pid 8345] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 8348 attached [pid 8346] <... memfd_create resumed>) = 3 [pid 8338] <... rt_sigprocmask resumed> ) = ? [pid 5834] umount2("./216/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8348] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8347] +++ killed by SIGSEGV +++ [pid 8346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8344] <... clone3 resumed> => {parent_tid=[8348]}, 88) = 8348 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8346] <... mmap resumed>) = 0x7f3002800000 [pid 5834] newfstatat(AT_FDCWD, "./216/binderfs", [pid 8344] rt_sigprocmask(SIG_SETMASK, [], [pid 8348] <... rseq resumed>) = 0 [pid 8346] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8339] +++ killed by SIGSEGV +++ [pid 8338] +++ killed by SIGSEGV +++ [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8348] set_robust_list(0x7f300ac489a0, 24 [pid 8344] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] unlink("./216/binderfs" [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8338, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8348] <... set_robust_list resumed>) = 0 [pid 8344] <... futex resumed>) = 0 [pid 5834] <... unlink resumed>) = 0 [pid 8348] rt_sigprocmask(SIG_SETMASK, [], [pid 8344] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] getdents64(3, [pid 8348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] umount2("./218", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8348] memfd_create("syzkaller", 0 [pid 8346] <... write resumed>) = 131072 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] close(3 [pid 5833] openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] <... close resumed>) = 0 [pid 5834] rmdir("./216" [pid 5833] <... openat resumed>) = 3 [pid 8348] <... memfd_create resumed>) = 3 [pid 5834] <... rmdir resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 8348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8345] <... ioctl resumed>) = 0 [pid 8345] close(3) = 0 [pid 8348] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8346] munmap(0x7f3002800000, 138412032 [pid 5834] mkdir("./217", 0777 [pid 5833] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./218/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8345] close(4) = 0 [pid 8345] mkdir("./file1", 0777 [pid 8346] <... munmap resumed>) = 0 [pid 8345] <... mkdir resumed>) = 0 [pid 5834] <... mkdir resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8345] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8348] <... write resumed>) = 131072 [pid 8346] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5834] <... openat resumed>) = 3 [ 205.243398][ T8345] loop2: detected capacity change from 0 to 256 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8348] munmap(0x7f3002800000, 138412032 [pid 8346] ioctl(4, LOOP_SET_FD, 3 [pid 5834] <... ioctl resumed>) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 8348] <... munmap resumed>) = 0 [pid 5834] close(3 [pid 8348] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] umount2("./218/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8348] <... openat resumed>) = 4 [pid 5834] <... close resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./218/file1", [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8349 attached [pid 8348] ioctl(4, LOOP_SET_FD, 3 [pid 5833] umount2("./218/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8349] set_robust_list(0x55556b85b6a0, 24 [pid 5833] openat(AT_FDCWD, "./218/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8349] <... set_robust_list resumed>) = 0 [pid 8349] chdir("./217" [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8349 [pid 5833] newfstatat(4, "", [pid 8349] <... chdir resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] getdents64(4, [pid 8349] setpgid(0, 0) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8346] <... ioctl resumed>) = 0 [pid 5833] getdents64(4, [pid 8346] close(3 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8348] <... ioctl resumed>) = 0 [pid 8346] <... close resumed>) = 0 [pid 5833] close(4 [pid 8346] close(4 [pid 5833] <... close resumed>) = 0 [pid 8346] <... close resumed>) = 0 [pid 5833] rmdir("./218/file1" [pid 8349] write(3, "1000", 4 [pid 8348] close(3 [pid 8346] mkdir("./file1", 0777 [pid 8349] <... write resumed>) = 4 [pid 8348] <... close resumed>) = 0 [ 205.301006][ T8346] loop1: detected capacity change from 0 to 256 [ 205.315885][ T8348] loop0: detected capacity change from 0 to 256 [pid 8349] close(3 [pid 8348] close(4 [pid 8346] <... mkdir resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8349] <... close resumed>) = 0 [pid 8348] <... close resumed>) = 0 [pid 8349] symlink("/dev/binderfs", "./binderfs" [pid 8348] mkdir("./file1", 0777 [pid 5833] umount2("./218/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8349] <... symlink resumed>) = 0 [pid 8348] <... mkdir resumed>) = 0 [pid 8346] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 8349] write(1, "executing program\n", 18 [pid 8348] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5833] unlink("./218/binderfs" [pid 8349] <... write resumed>) = 18 [pid 8349] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... unlink resumed>) = 0 [pid 8349] <... futex resumed>) = 0 [pid 8349] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8349] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8349] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8349] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] close(3) = 0 [pid 8349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] rmdir("./218") = 0 ./strace-static-x86_64: Process 8350 attached [pid 8350] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8349] <... clone3 resumed> => {parent_tid=[8350]}, 88) = 8350 [pid 8349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8350] <... rseq resumed>) = 0 [pid 5833] mkdir("./219", 0777 [pid 8345] <... mount resumed>) = 0 [pid 8345] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8349] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8350] set_robust_list(0x7f300ac489a0, 24 [pid 8349] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8345] <... openat resumed>) = 3 [pid 5833] <... mkdir resumed>) = 0 [ 205.350332][ T8345] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8350] <... set_robust_list resumed>) = 0 [pid 8345] chdir("./file1") = 0 [pid 8345] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8350] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8345] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8342] <... futex resumed>) = 0 [pid 8342] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8342] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8345] <... futex resumed>) = 1 [pid 8350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8345] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5833] <... openat resumed>) = 3 [pid 8345] <... openat resumed>) = 4 [pid 8350] memfd_create("syzkaller", 0 [pid 8345] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8345] <... futex resumed>) = 1 [pid 8350] <... memfd_create resumed>) = 3 [pid 8345] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] <... ioctl resumed>) = 0 [pid 8350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] close(3 [pid 8350] <... mmap resumed>) = 0x7f3002800000 [pid 5833] <... close resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8342] <... futex resumed>) = 0 [pid 8342] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8345] <... futex resumed>) = 0 [pid 8342] <... futex resumed>) = 1 [pid 8345] mkdir("./file2", 0777 [pid 8342] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8346] <... mount resumed>) = 0 [ 205.414195][ T8346] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 205.428154][ T8348] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 205.455219][ T8345] exFAT-fs (loop2): error, data size is invalid(9000) ./strace-static-x86_64: Process 8351 attached [pid 8350] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8346] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8351 [pid 8351] set_robust_list(0x55556b85b6a0, 24 [pid 8348] <... mount resumed>) = 0 [pid 8346] <... openat resumed>) = 3 [pid 8351] <... set_robust_list resumed>) = 0 [pid 8348] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8346] chdir("./file1" [pid 8351] chdir("./219" [pid 8350] <... write resumed>) = 131072 [pid 8348] <... openat resumed>) = 3 [pid 8346] <... chdir resumed>) = 0 [pid 8345] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8351] <... chdir resumed>) = 0 [pid 8350] munmap(0x7f3002800000, 138412032 [pid 8348] chdir("./file1" [pid 8346] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8345] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8351] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8350] <... munmap resumed>) = 0 [pid 8342] <... futex resumed>) = ? [pid 8351] <... prctl resumed>) = 0 [pid 8350] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8348] <... chdir resumed>) = 0 [pid 8346] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8345] +++ killed by SIGSEGV +++ [pid 8342] +++ killed by SIGSEGV +++ [pid 8351] setpgid(0, 0 [pid 8348] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8350] <... openat resumed>) = 4 [pid 8351] <... setpgid resumed>) = 0 [pid 8346] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8342, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 8348] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8350] ioctl(4, LOOP_SET_FD, 3 [pid 8348] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8346] <... futex resumed>) = 1 [pid 8343] <... futex resumed>) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8351] <... openat resumed>) = 3 [pid 8348] <... futex resumed>) = 1 [pid 8346] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8344] <... futex resumed>) = 0 [pid 8343] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... restart_syscall resumed>) = 0 [pid 8351] write(3, "1000", 4 [pid 8348] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8344] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8343] <... futex resumed>) = 0 [pid 8351] <... write resumed>) = 4 [pid 8348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8346] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8343] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] umount2("./213", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8348] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8346] <... openat resumed>) = 4 [pid 8346] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8346] <... futex resumed>) = 0 [pid 8346] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... openat resumed>) = 3 [pid 8351] close(3 [pid 8348] <... openat resumed>) = 4 [pid 5832] newfstatat(3, "", [pid 8343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8351] <... close resumed>) = 0 [pid 8343] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8348] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8344] <... futex resumed>) = 0 [pid 8351] symlink("/dev/binderfs", "./binderfs" [pid 8348] <... futex resumed>) = 0 [pid 8344] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8343] <... futex resumed>) = 1 [pid 5832] getdents64(3, [pid 8346] <... futex resumed>) = 0 [pid 8344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8343] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8348] mkdir("./file2", 0777 [pid 8346] mkdir("./file2", 0777 [pid 8344] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8351] <... symlink resumed>) = 0 [ 205.470470][ T8345] exFAT-fs (loop2): Filesystem has been set read-only [ 205.499788][ T8350] loop4: detected capacity change from 0 to 256 [pid 8344] <... futex resumed>) = 0 [pid 8350] <... ioctl resumed>) = 0 [pid 8351] write(1, "executing program\n", 18 [pid 8344] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] umount2("./213/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8350] close(3) = 0 executing program [pid 8350] close(4) = 0 [pid 8351] <... write resumed>) = 18 [pid 8350] mkdir("./file1", 0777 [pid 8351] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8350] <... mkdir resumed>) = 0 [pid 8350] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8351] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 8351] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 5832] umount2("./213/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8351] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8351] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] newfstatat(AT_FDCWD, "./213/file1", [pid 8351] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8343] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8351] <... mprotect resumed>) = 0 [pid 8343] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8351] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8343] <... futex resumed>) = 0 [pid 5832] umount2("./213/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8351] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8343] <... mmap resumed>) = 0x7f300ac07000 [pid 5832] openat(AT_FDCWD, "./213/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8343] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5832] <... openat resumed>) = 4 [pid 8343] <... mprotect resumed>) = 0 [ 205.515567][ T8348] exFAT-fs (loop0): error, data size is invalid(9000) [ 205.522835][ T8346] exFAT-fs (loop1): error, data size is invalid(9000) [ 205.535030][ T8346] exFAT-fs (loop1): Filesystem has been set read-only [ 205.547040][ T8348] exFAT-fs (loop0): Filesystem has been set read-only [pid 8346] <... mkdir resumed>) = -1 EIO (Input/output error) ./strace-static-x86_64: Process 8352 attached [pid 8348] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8343] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8352] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8351] <... clone3 resumed> => {parent_tid=[8352]}, 88) = 8352 [pid 8343] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] getdents64(4, [pid 8352] <... rseq resumed>) = 0 [pid 8351] rt_sigprocmask(SIG_SETMASK, [], [pid 8343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8352] set_robust_list(0x7f300ac489a0, 24 [pid 8351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8352] <... set_robust_list resumed>) = 0 [pid 8351] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(4, [pid 8352] rt_sigprocmask(SIG_SETMASK, [], [pid 8351] <... futex resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8351] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] close(4 [pid 8352] memfd_create("syzkaller", 0 [pid 5832] <... close resumed>) = 0 [pid 8352] <... memfd_create resumed>) = 3 [pid 8346] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] rmdir("./213/file1" [pid 8348] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 8353 attached [pid 8352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8344] <... futex resumed>) = ? [pid 8343] <... clone3 resumed> ) = ? [pid 5832] umount2("./213/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8353] +++ killed by SIGSEGV +++ [pid 8352] <... mmap resumed>) = 0x7f3002800000 [pid 8348] +++ killed by SIGSEGV +++ [pid 8346] +++ killed by SIGSEGV +++ [pid 8350] <... mount resumed>) = 0 [pid 8350] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8352] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8350] <... openat resumed>) = 3 [pid 8344] +++ killed by SIGSEGV +++ [pid 8343] +++ killed by SIGSEGV +++ [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./213/binderfs", [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8343, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8350] chdir("./file1" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8344, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8350] <... chdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8350] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] unlink("./213/binderfs" [pid 5831] umount2("./220", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8350] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8350] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(3, [pid 5831] newfstatat(3, "", [pid 5830] umount2("./219", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8350] <... futex resumed>) = 1 [pid 8349] <... futex resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8350] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8349] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] close(3 [pid 5831] getdents64(3, [pid 8352] <... write resumed>) = 131072 [pid 8350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8349] <... futex resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8352] munmap(0x7f3002800000, 138412032 [pid 8350] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8349] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] rmdir("./213" [pid 5831] umount2("./220/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 3 [pid 8350] <... openat resumed>) = 4 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./220/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./220/file1", [pid 5830] newfstatat(3, "", [pid 8350] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8352] <... munmap resumed>) = 0 [pid 8350] <... futex resumed>) = 1 [pid 8349] <... futex resumed>) = 0 [pid 5832] mkdir("./214", 0777 [pid 5831] umount2("./220/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 8352] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 205.573093][ T8350] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8350] mkdir("./file2", 0777 [pid 8349] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8352] <... openat resumed>) = 4 [pid 8349] <... futex resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 8352] ioctl(4, LOOP_SET_FD, 3 [pid 8349] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8352] <... ioctl resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] openat(AT_FDCWD, "./220/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] umount2("./219/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8352] close(3 [pid 5832] <... openat resumed>) = 3 [pid 8352] <... close resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8352] close(4 [pid 5832] <... ioctl resumed>) = 0 [pid 8352] <... close resumed>) = 0 [pid 5832] close(3 [pid 8352] mkdir("./file1", 0777 [pid 5832] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 8352] <... mkdir resumed>) = 0 [pid 8352] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5831] newfstatat(4, "", [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 5830] <... umount2 resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] umount2("./219/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8354 attached [pid 8350] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5831] close(4 [pid 5830] newfstatat(AT_FDCWD, "./219/file1", [pid 5831] <... close resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8354 [pid 5831] rmdir("./220/file1" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8354] set_robust_list(0x55556b85b6a0, 24 [pid 8350] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8354] <... set_robust_list resumed>) = 0 [pid 8349] <... futex resumed>) = ? [pid 5831] <... rmdir resumed>) = 0 [pid 5830] umount2("./219/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8354] chdir("./214" [pid 8350] +++ killed by SIGSEGV +++ [pid 8349] +++ killed by SIGSEGV +++ [pid 5831] umount2("./220/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8354] <... chdir resumed>) = 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8349, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./219/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8354] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 5831] newfstatat(AT_FDCWD, "./220/binderfs", [pid 8354] <... prctl resumed>) = 0 [pid 8354] setpgid(0, 0) = 0 [ 205.613768][ T8350] exFAT-fs (loop4): error, data size is invalid(9000) [ 205.616997][ T8352] loop3: detected capacity change from 0 to 256 [ 205.620784][ T8350] exFAT-fs (loop4): Filesystem has been set read-only [pid 8354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... openat resumed>) = 4 [pid 8354] <... openat resumed>) = 3 [pid 5834] <... restart_syscall resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 5831] unlink("./220/binderfs") = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 8354] write(3, "1000", 4 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(4, [pid 5831] close(3 [pid 8354] <... write resumed>) = 4 [pid 5834] umount2("./217", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8354] close(3 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] rmdir("./220" [pid 5830] getdents64(4, [pid 8354] <... close resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5834] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(3, [pid 8354] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8354] <... symlink resumed>) = 0 [pid 5834] umount2("./217/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 executing program [pid 8354] write(1, "executing program\n", 18 [pid 5831] mkdir("./221", 0777 [pid 5830] close(4 [pid 8354] <... write resumed>) = 18 [pid 8354] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... close resumed>) = 0 [pid 8354] <... futex resumed>) = 0 [pid 8354] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8354] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... mkdir resumed>) = 0 [pid 5830] rmdir("./219/file1" [pid 8354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8354] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] <... umount2 resumed>) = 0 [pid 8354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8355]}, 88) = 8355 [pid 8354] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] umount2("./217/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... rmdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./219/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5834] newfstatat(AT_FDCWD, "./217/file1", [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8355 attached [pid 8354] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./219/binderfs", [pid 5834] umount2("./217/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] unlink("./219/binderfs" [pid 8354] <... futex resumed>) = 0 [pid 8354] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8355] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8352] <... mount resumed>) = 0 [pid 8355] <... rseq resumed>) = 0 [pid 8355] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5831] <... close resumed>) = 0 [pid 8355] memfd_create("syzkaller", 0 [pid 5834] openat(AT_FDCWD, "./217/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... unlink resumed>) = 0 [pid 8355] <... memfd_create resumed>) = 3 [pid 8352] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8352] <... openat resumed>) = 3 [pid 5834] <... openat resumed>) = 4 [pid 5830] getdents64(3, [pid 8352] chdir("./file1" [pid 8355] <... mmap resumed>) = 0x7f3002800000 [pid 8352] <... chdir resumed>) = 0 [pid 5834] newfstatat(4, "", [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8355] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8352] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8352] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8355] <... write resumed>) = 131072 [pid 5830] close(3 [pid 8352] <... futex resumed>) = 1 [ 205.670768][ T8352] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8352] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8351] <... futex resumed>) = 0 [pid 8351] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... close resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] rmdir("./219" [pid 8352] <... futex resumed>) = 0 [pid 8351] <... futex resumed>) = 1 [pid 8352] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8351] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8355] munmap(0x7f3002800000, 138412032 [pid 8352] <... openat resumed>) = 4 [pid 8355] <... munmap resumed>) = 0 [pid 8352] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8351] <... futex resumed>) = 0 [pid 8352] mkdir("./file2", 0777 [pid 8351] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8356 attached ) = 0 [pid 5834] getdents64(4, [pid 5830] <... rmdir resumed>) = 0 [pid 8355] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5830] mkdir("./220", 0777 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8356 [pid 8356] set_robust_list(0x55556b85b6a0, 24 [pid 8355] ioctl(4, LOOP_SET_FD, 3 [pid 8351] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8356] <... set_robust_list resumed>) = 0 [pid 5834] getdents64(4, [pid 5830] <... mkdir resumed>) = 0 [pid 8356] chdir("./221" [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8356] <... chdir resumed>) = 0 [pid 5834] close(4 [pid 5830] <... openat resumed>) = 3 [pid 8356] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] <... close resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8356] <... prctl resumed>) = 0 [pid 8356] setpgid(0, 0 [pid 5830] <... ioctl resumed>) = 0 [pid 8356] <... setpgid resumed>) = 0 [pid 5834] rmdir("./217/file1" [pid 5830] close(3 [pid 8356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... close resumed>) = 0 [pid 8356] <... openat resumed>) = 3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5834] <... rmdir resumed>) = 0 [pid 5834] umount2("./217/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./217/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8356] write(3, "1000", 4 [pid 5834] unlink("./217/binderfs") = 0 [pid 8356] <... write resumed>) = 4 ./strace-static-x86_64: Process 8357 attached [pid 8356] close(3 [pid 8355] <... ioctl resumed>) = 0 [pid 8352] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8357 [pid 8356] <... close resumed>) = 0 [pid 8357] set_robust_list(0x55556b85b6a0, 24 [pid 8356] symlink("/dev/binderfs", "./binderfs" [pid 8355] close(3 [pid 8352] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8351] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] close(3 [pid 8357] <... set_robust_list resumed>) = 0 executing program [pid 8356] <... symlink resumed>) = 0 [pid 8355] <... close resumed>) = 0 [pid 8352] +++ killed by SIGSEGV +++ [pid 8351] +++ killed by SIGSEGV +++ [pid 5834] <... close resumed>) = 0 [pid 8356] write(1, "executing program\n", 18 [pid 8355] close(4 [pid 5834] rmdir("./217" [pid 8357] chdir("./220" [pid 8356] <... write resumed>) = 18 [pid 8355] <... close resumed>) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8351, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8356] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8355] mkdir("./file1", 0777 [pid 5834] mkdir("./218", 0777 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8356] <... futex resumed>) = 0 [pid 8355] <... mkdir resumed>) = 0 [pid 5834] <... mkdir resumed>) = 0 [pid 8355] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8357] <... chdir resumed>) = 0 [pid 8356] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] <... restart_syscall resumed>) = 0 [pid 8357] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8356] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] <... openat resumed>) = 3 [pid 8357] <... prctl resumed>) = 0 [pid 8356] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [ 205.724969][ T8352] exFAT-fs (loop3): error, data size is invalid(9000) [ 205.734977][ T8355] loop2: detected capacity change from 0 to 256 [ 205.749581][ T8352] exFAT-fs (loop3): Filesystem has been set read-only [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8357] setpgid(0, 0 [pid 8356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... ioctl resumed>) = 0 [pid 5833] umount2("./219", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8357] <... setpgid resumed>) = 0 [pid 8356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] close(3 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8356] <... mmap resumed>) = 0x7f300ac28000 [pid 5834] <... close resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8356] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] <... openat resumed>) = 3 [pid 8357] <... openat resumed>) = 3 [pid 8356] <... mprotect resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 8356] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8357] write(3, "1000", 4 [pid 8356] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] umount2("./219/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8357] <... write resumed>) = 4 [pid 8356] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8357] close(3) = 0 [pid 8357] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8359 ./strace-static-x86_64: Process 8358 attached [pid 8357] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 8359 attached [pid 8358] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8359] set_robust_list(0x55556b85b6a0, 24 [pid 8358] <... rseq resumed>) = 0 [pid 8358] set_robust_list(0x7f300ac489a0, 24 [pid 8357] write(1, "executing program\n", 18 [pid 8356] <... clone3 resumed> => {parent_tid=[8358]}, 88) = 8358 [pid 5833] <... umount2 resumed>) = 0 executing program [pid 5833] umount2("./219/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8357] <... write resumed>) = 18 [pid 8356] rt_sigprocmask(SIG_SETMASK, [], [pid 8357] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8357] <... futex resumed>) = 0 [pid 8356] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(AT_FDCWD, "./219/file1", [pid 8356] <... futex resumed>) = 0 [pid 8357] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8356] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8357] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./219/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./219/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] <... openat resumed>) = 4 [pid 8359] <... set_robust_list resumed>) = 0 [pid 8359] chdir("./218") = 0 [pid 8359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8359] setpgid(0, 0) = 0 [pid 8359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8358] <... set_robust_list resumed>) = 0 [pid 8358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8358] memfd_create("syzkaller", 0 [pid 8357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8359] write(3, "1000", 4 [pid 8357] <... mmap resumed>) = 0x7f300ac28000 [pid 8359] <... write resumed>) = 4 [pid 8358] <... memfd_create resumed>) = 3 [pid 8357] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITEexecuting program [pid 8358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8359] close(3 [pid 5833] newfstatat(4, "", [pid 8359] <... close resumed>) = 0 [pid 8358] <... mmap resumed>) = 0x7f3002800000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8358] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, [pid 8359] symlink("/dev/binderfs", "./binderfs" [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8359] <... symlink resumed>) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./219/file1" [pid 8359] write(1, "executing program\n", 18 [pid 8358] <... write resumed>) = 131072 [pid 5833] <... rmdir resumed>) = 0 [pid 8359] <... write resumed>) = 18 [pid 8359] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] umount2("./219/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8359] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8359] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] newfstatat(AT_FDCWD, "./219/binderfs", [pid 8359] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] unlink("./219/binderfs" [pid 8359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8358] munmap(0x7f3002800000, 138412032 [pid 5833] <... unlink resumed>) = 0 [pid 8359] <... mmap resumed>) = 0x7f300ac28000 [pid 8358] <... munmap resumed>) = 0 [pid 5833] getdents64(3, [pid 8359] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8359] <... mprotect resumed>) = 0 [pid 8358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] close(3 [pid 8359] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8358] <... openat resumed>) = 4 [pid 8357] <... mprotect resumed>) = 0 [pid 8359] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8358] ioctl(4, LOOP_SET_FD, 3 [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./219" [pid 8357] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... rmdir resumed>) = 0 [pid 8359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8357] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8359] <... clone3 resumed> => {parent_tid=[8360]}, 88) = 8360 [pid 8359] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8361 attached NULL, 8) = 0 [pid 8359] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8359] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8360 attached [pid 5833] mkdir("./220", 0777) = 0 [pid 8360] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8355] <... mount resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8361] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8360] <... rseq resumed>) = 0 [pid 8357] <... clone3 resumed> => {parent_tid=[8361]}, 88) = 8361 [pid 5833] <... openat resumed>) = 3 [pid 8361] <... rseq resumed>) = 0 [pid 8357] rt_sigprocmask(SIG_SETMASK, [], [pid 8361] set_robust_list(0x7f300ac489a0, 24 [pid 8357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8361] <... set_robust_list resumed>) = 0 [pid 8360] set_robust_list(0x7f300ac489a0, 24 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8361] rt_sigprocmask(SIG_SETMASK, [], [pid 8360] <... set_robust_list resumed>) = 0 [pid 8355] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... ioctl resumed>) = 0 [pid 8361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8360] rt_sigprocmask(SIG_SETMASK, [], [pid 8357] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8355] <... openat resumed>) = 3 [pid 5833] close(3 [pid 8355] chdir("./file1" [pid 8360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8355] <... chdir resumed>) = 0 [pid 8361] memfd_create("syzkaller", 0 [pid 8360] memfd_create("syzkaller", 0 [pid 8357] <... futex resumed>) = 0 [pid 8355] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8361] <... memfd_create resumed>) = 3 [pid 8357] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8360] <... memfd_create resumed>) = 3 [pid 8355] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8355] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8354] <... futex resumed>) = 0 [pid 8360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8354] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8360] <... mmap resumed>) = 0x7f3002800000 [pid 8354] <... futex resumed>) = 0 [pid 8354] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8360] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8355] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8361] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8355] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8354] <... futex resumed>) = 0 [pid 8360] <... write resumed>) = 131072 [pid 8358] <... ioctl resumed>) = 0 [pid 8355] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8354] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8354] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... close resumed>) = 0 [pid 8361] <... write resumed>) = 131072 [pid 8360] munmap(0x7f3002800000, 138412032 [pid 8358] close(3 [pid 8355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 205.819818][ T8355] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 205.857552][ T8358] loop1: detected capacity change from 0 to 256 [pid 8361] munmap(0x7f3002800000, 138412032 [pid 8360] <... munmap resumed>) = 0 [pid 8355] mkdir("./file2", 0777./strace-static-x86_64: Process 8362 attached [pid 8361] <... munmap resumed>) = 0 [pid 8360] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8358] <... close resumed>) = 0 [pid 8360] ioctl(4, LOOP_SET_FD, 3 [pid 8358] close(4) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8362 [pid 8358] mkdir("./file1", 0777 [pid 8362] set_robust_list(0x55556b85b6a0, 24 [pid 8361] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8358] <... mkdir resumed>) = 0 [pid 8358] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8362] <... set_robust_list resumed>) = 0 [pid 8361] <... openat resumed>) = 4 [pid 8361] ioctl(4, LOOP_SET_FD, 3 [pid 8362] chdir("./220") = 0 [pid 8362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8362] setpgid(0, 0 [pid 8354] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8354] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8362] <... setpgid resumed>) = 0 [pid 8354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8361] <... ioctl resumed>) = 0 [pid 8362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8361] close(3 [pid 8354] <... mmap resumed>) = 0x7f300ac07000 [pid 8354] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8362] <... openat resumed>) = 3 [pid 8361] <... close resumed>) = 0 [pid 8354] <... mprotect resumed>) = 0 [pid 8362] write(3, "1000", 4 [pid 8361] close(4 [pid 8362] <... write resumed>) = 4 [pid 8362] close(3 [pid 8361] <... close resumed>) = 0 [pid 8360] <... ioctl resumed>) = 0 [pid 8354] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8362] <... close resumed>) = 0 [pid 8361] mkdir("./file1", 0777) = 0 [pid 8354] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8360] close(3 [pid 8354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8360] <... close resumed>) = 0 [pid 8360] close(4 [pid 8354] <... clone3 resumed> => {parent_tid=[8363]}, 88) = 8363 [pid 8360] <... close resumed>) = 0 [pid 8354] rt_sigprocmask(SIG_SETMASK, [], [pid 8360] mkdir("./file1", 0777 [pid 8354] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 205.897219][ T8355] exFAT-fs (loop2): error, data size is invalid(9000) [ 205.908261][ T8360] loop4: detected capacity change from 0 to 256 [ 205.920549][ T8361] loop0: detected capacity change from 0 to 256 [ 205.927698][ T8355] exFAT-fs (loop2): Filesystem has been set read-only executing program ./strace-static-x86_64: Process 8363 attached [pid 8362] symlink("/dev/binderfs", "./binderfs" [pid 8361] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8360] <... mkdir resumed>) = 0 [pid 8354] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8354] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8362] <... symlink resumed>) = 0 [pid 8363] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8362] write(1, "executing program\n", 18 [pid 8360] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8362] <... write resumed>) = 18 [pid 8363] <... rseq resumed>) = 0 [pid 8362] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8363] set_robust_list(0x7f300ac279a0, 24 [pid 8362] <... futex resumed>) = 0 [pid 8363] <... set_robust_list resumed>) = 0 [pid 8362] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8363] rt_sigprocmask(SIG_SETMASK, [], [pid 8355] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8355] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8363] +++ killed by SIGSEGV +++ [pid 8354] <... futex resumed>) = ? [pid 8362] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8362] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8362] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8355] +++ killed by SIGSEGV +++ [pid 8354] +++ killed by SIGSEGV +++ [pid 8358] <... mount resumed>) = 0 [pid 8358] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8358] chdir("./file1") = 0 [pid 8358] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8358] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8358] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8362] <... mprotect resumed>) = 0 [pid 8362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8354, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5832] umount2("./214", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8356] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8356] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8358] <... futex resumed>) = 0 [pid 8356] <... futex resumed>) = 1 [pid 5832] <... openat resumed>) = 3 [pid 8358] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8356] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./214/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8362] <... clone3 resumed> => {parent_tid=[8364]}, 88) = 8364 [ 205.952388][ T8358] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 205.958475][ T8361] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 205.983461][ T8360] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 8364 attached [pid 8362] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... umount2 resumed>) = 0 [pid 8364] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8362] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8364] <... rseq resumed>) = 0 [pid 8362] <... futex resumed>) = 0 [pid 8364] set_robust_list(0x7f300ac489a0, 24 [pid 8362] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] umount2("./214/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8364] <... set_robust_list resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./214/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8358] <... openat resumed>) = 4 [pid 5832] umount2("./214/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8358] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8358] <... futex resumed>) = 1 [pid 8356] <... futex resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./214/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8358] mkdir("./file2", 0777 [pid 8356] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... openat resumed>) = 4 [pid 8364] rt_sigprocmask(SIG_SETMASK, [], [pid 8356] <... futex resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 8356] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 8364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, [pid 8364] memfd_create("syzkaller", 0 [pid 8361] <... mount resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8364] <... memfd_create resumed>) = 3 [pid 8364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8361] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8364] <... mmap resumed>) = 0x7f3002800000 [pid 5832] close(4 [pid 8361] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./214/file1") = 0 [pid 8364] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8361] chdir("./file1" [pid 5832] umount2("./214/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./214/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./214/binderfs" [pid 8364] <... write resumed>) = 131072 [pid 8361] <... chdir resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 8361] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8364] munmap(0x7f3002800000, 138412032 [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 8364] <... munmap resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 8361] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8364] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] rmdir("./214" [pid 8364] <... openat resumed>) = 4 [pid 8361] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... rmdir resumed>) = 0 [pid 8364] ioctl(4, LOOP_SET_FD, 3 [pid 8361] <... futex resumed>) = 1 [pid 8357] <... futex resumed>) = 0 [pid 8364] <... ioctl resumed>) = 0 [pid 8361] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8360] <... mount resumed>) = 0 [pid 8358] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] mkdir("./215", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3 [pid 8360] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8358] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8356] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] <... close resumed>) = 0 [pid 8356] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8364] close(3 [pid 8360] <... openat resumed>) = 3 [pid 8357] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8356] <... futex resumed>) = ? [pid 8364] <... close resumed>) = 0 [pid 8358] +++ killed by SIGSEGV +++ [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8364] close(4 [pid 8361] <... futex resumed>) = 0 [pid 8360] chdir("./file1" [pid 8357] <... futex resumed>) = 1 [pid 8356] +++ killed by SIGSEGV +++ [pid 8364] <... close resumed>) = 0 [pid 8361] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8360] <... chdir resumed>) = 0 [pid 8357] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8364] mkdir("./file1", 0777 [pid 8360] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8356, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- ./strace-static-x86_64: Process 8365 attached [pid 8364] <... mkdir resumed>) = 0 [pid 8361] <... openat resumed>) = 4 [pid 8360] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8361] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8364] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8361] <... futex resumed>) = 1 [pid 8360] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8357] <... futex resumed>) = 0 [pid 8360] <... futex resumed>) = 1 [pid 8359] <... futex resumed>) = 0 [pid 8360] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8359] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8360] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8359] <... futex resumed>) = 0 [pid 8360] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8359] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8365] set_robust_list(0x55556b85b6a0, 24 [pid 8361] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8357] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... restart_syscall resumed>) = 0 [pid 8365] <... set_robust_list resumed>) = 0 [pid 8361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8357] <... futex resumed>) = 0 [ 206.024299][ T8358] exFAT-fs (loop1): error, data size is invalid(9000) [ 206.050486][ T8364] loop3: detected capacity change from 0 to 256 [ 206.050856][ T8358] exFAT-fs (loop1): Filesystem has been set read-only [pid 8365] chdir("./215" [pid 8361] mkdir("./file2", 0777 [pid 8360] <... openat resumed>) = 4 [pid 8357] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8360] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8365] <... chdir resumed>) = 0 [pid 8360] <... futex resumed>) = 1 [pid 8359] <... futex resumed>) = 0 [pid 8360] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8359] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8360] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8359] <... futex resumed>) = 0 [pid 8360] mkdir("./file2", 0777 [pid 8359] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8365] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8365 [pid 5831] umount2("./221", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8365] <... prctl resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8365] setpgid(0, 0 [pid 5831] openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8365] <... setpgid resumed>) = 0 [pid 5831] getdents64(3, [pid 8365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8365] <... openat resumed>) = 3 [pid 5831] umount2("./221/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8365] write(3, "1000", 4) = 4 [pid 8365] close(3) = 0 [pid 8365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8365] write(1, "executing program\n", 18 [pid 5831] <... umount2 resumed>) = 0 executing program [pid 8365] <... write resumed>) = 18 [pid 5831] umount2("./221/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8365] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8365] <... futex resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./221/file1", [pid 8365] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8365] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5831] umount2("./221/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] openat(AT_FDCWD, "./221/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... openat resumed>) = 4 [pid 8365] <... mmap resumed>) = 0x7f300ac28000 [pid 5831] newfstatat(4, "", [pid 8365] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8365] <... mprotect resumed>) = 0 [pid 5831] getdents64(4, [pid 8365] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8365] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] getdents64(4, [pid 8365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8365] <... clone3 resumed> => {parent_tid=[8366]}, 88) = 8366 [pid 5831] close(4 [pid 8365] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... close resumed>) = 0 [pid 8365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] rmdir("./221/file1" [pid 8365] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... rmdir resumed>) = 0 [pid 8365] <... futex resumed>) = 0 [pid 5831] umount2("./221/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8365] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8357] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8366 attached [pid 8357] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8366] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8357] <... futex resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./221/binderfs", [pid 8366] <... rseq resumed>) = 0 [pid 8357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8366] set_robust_list(0x7f300ac489a0, 24 [pid 8357] <... mmap resumed>) = 0x7f300ac07000 [pid 5831] unlink("./221/binderfs" [pid 8366] <... set_robust_list resumed>) = 0 [pid 8357] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5831] <... unlink resumed>) = 0 [pid 8366] rt_sigprocmask(SIG_SETMASK, [], [pid 8357] <... mprotect resumed>) = 0 [pid 5831] getdents64(3, [pid 8366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8357] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8366] memfd_create("syzkaller", 0 [pid 8361] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8359] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8357] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8361] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5831] close(3 [pid 8360] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8359] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./221" [pid 8359] <... futex resumed>) = 0 [pid 8366] <... memfd_create resumed>) = 3 [pid 8359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5831] mkdir("./222", 0777 [pid 8360] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8359] <... mmap resumed>) = 0x7f300ac07000 [pid 8357] <... clone3 resumed> ) = ? [pid 5831] <... mkdir resumed>) = 0 [ 206.110112][ T8361] exFAT-fs (loop0): error, data size is invalid(9000) [ 206.121375][ T8360] exFAT-fs (loop4): error, data size is invalid(9000) [ 206.132778][ T8361] exFAT-fs (loop0): Filesystem has been set read-only [ 206.147273][ T8360] exFAT-fs (loop4): Filesystem has been set read-only ./strace-static-x86_64: Process 8367 attached [pid 8366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8361] +++ killed by SIGSEGV +++ [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8366] <... mmap resumed>) = 0x7f3002800000 [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 8366] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5831] close(3 [pid 8360] +++ killed by SIGSEGV +++ [pid 8359] +++ killed by SIGSEGV +++ [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8367] +++ killed by SIGSEGV +++ [pid 8357] +++ killed by SIGSEGV +++ [pid 8366] <... write resumed>) = 131072 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8359, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8357, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8368 [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./220", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8366] munmap(0x7f3002800000, 138412032 [pid 5834] <... restart_syscall resumed>) = 0 [pid 5830] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8368 attached [pid 8368] set_robust_list(0x55556b85b6a0, 24 [pid 8366] <... munmap resumed>) = 0 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./220/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8366] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] <... umount2 resumed>) = 0 [pid 8368] <... set_robust_list resumed>) = 0 [pid 8366] <... openat resumed>) = 4 [pid 5834] umount2("./218", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./220/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8368] chdir("./222" [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8368] <... chdir resumed>) = 0 [pid 8366] ioctl(4, LOOP_SET_FD, 3 [pid 5834] openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8368] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] <... openat resumed>) = 3 [pid 5830] newfstatat(AT_FDCWD, "./220/file1", [pid 8368] <... prctl resumed>) = 0 [pid 5834] newfstatat(3, "", [pid 8368] setpgid(0, 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8368] <... setpgid resumed>) = 0 [pid 5834] getdents64(3, [pid 5830] umount2("./220/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] umount2("./218/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./220/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./220/file1" [pid 8368] <... openat resumed>) = 3 [pid 5830] <... rmdir resumed>) = 0 [pid 8368] write(3, "1000", 4 [pid 5830] umount2("./220/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./220/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./220/binderfs") = 0 [pid 5830] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./220") = 0 [pid 8364] <... mount resumed>) = 0 [pid 5830] mkdir("./221", 0777 [pid 8368] <... write resumed>) = 4 [pid 5834] <... umount2 resumed>) = 0 [pid 8368] close(3 [pid 5834] umount2("./218/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) executing program [pid 5830] <... mkdir resumed>) = 0 [pid 8368] <... close resumed>) = 0 [pid 8366] <... ioctl resumed>) = 0 [pid 8364] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] newfstatat(AT_FDCWD, "./218/file1", [pid 8368] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8366] close(3 [pid 8364] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8364] chdir("./file1" [pid 5830] <... openat resumed>) = 3 [pid 8364] <... chdir resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8366] <... close resumed>) = 0 [pid 8364] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8366] close(4 [pid 8364] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... ioctl resumed>) = 0 [pid 8368] <... symlink resumed>) = 0 [pid 8366] <... close resumed>) = 0 [pid 8364] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] umount2("./218/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8368] write(1, "executing program\n", 18 [pid 8366] mkdir("./file1", 0777 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8368] <... write resumed>) = 18 [pid 8362] <... futex resumed>) = 0 [pid 8362] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8362] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8364] <... futex resumed>) = 1 [pid 8368] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8364] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 206.184239][ T8364] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 206.219637][ T8366] loop2: detected capacity change from 0 to 256 [pid 5834] openat(AT_FDCWD, "./218/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] close(3 [pid 8368] <... futex resumed>) = 0 [pid 8364] <... openat resumed>) = 4 [pid 5834] <... openat resumed>) = 4 [pid 8368] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8364] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8362] <... futex resumed>) = 0 [pid 8368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8364] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8362] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] newfstatat(4, "", [pid 5830] <... close resumed>) = 0 [pid 8362] <... futex resumed>) = 0 [pid 8368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8366] <... mkdir resumed>) = 0 [pid 8364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8362] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] getdents64(4, [pid 8368] <... mmap resumed>) = 0x7f300ac28000 [pid 8364] mkdir("./file2", 0777 [pid 8368] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8368] <... mprotect resumed>) = 0 [pid 8366] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5834] getdents64(4, [pid 8368] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8368] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] close(4 [pid 8368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8369 attached [pid 5834] <... close resumed>) = 0 [pid 8369] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8368] <... clone3 resumed> => {parent_tid=[8369]}, 88) = 8369 [pid 5834] rmdir("./218/file1" [pid 8368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 8369] <... rseq resumed>) = 0 [pid 8368] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8369] set_robust_list(0x7f300ac489a0, 24 [pid 8368] <... futex resumed>) = 0 [pid 8369] <... set_robust_list resumed>) = 0 [pid 5834] umount2("./218/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8369] rt_sigprocmask(SIG_SETMASK, [], [pid 8368] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8370 attached [pid 8369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8370] set_robust_list(0x55556b85b6a0, 24 [pid 8369] memfd_create("syzkaller", 0 [pid 8364] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] newfstatat(AT_FDCWD, "./218/binderfs", [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8370 [pid 8370] <... set_robust_list resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8370] chdir("./221" [pid 5834] unlink("./218/binderfs" [pid 8370] <... chdir resumed>) = 0 [pid 8369] <... memfd_create resumed>) = 3 [pid 8370] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8364] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 206.276664][ T8364] exFAT-fs (loop3): error, data size is invalid(9000) [ 206.302668][ T8364] exFAT-fs (loop3): Filesystem has been set read-only [pid 8362] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... unlink resumed>) = 0 [pid 8370] <... prctl resumed>) = 0 [pid 8369] <... mmap resumed>) = 0x7f3002800000 [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8370] setpgid(0, 0 [pid 8369] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8364] +++ killed by SIGSEGV +++ [pid 8362] +++ killed by SIGSEGV +++ [pid 5834] close(3 [pid 8370] <... setpgid resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8362, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8369] <... write resumed>) = 131072 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8369] munmap(0x7f3002800000, 138412032 [pid 8366] <... mount resumed>) = 0 [pid 5834] rmdir("./218" [pid 8369] <... munmap resumed>) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 8369] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... restart_syscall resumed>) = 0 [pid 8370] write(3, "1000", 4 [pid 8366] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] mkdir("./219", 0777 [pid 5833] umount2("./220", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8370] <... write resumed>) = 4 [pid 8366] <... openat resumed>) = 3 [pid 5833] newfstatat(3, "", [pid 8370] close(3 [pid 5834] <... mkdir resumed>) = 0 [pid 8370] <... close resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 206.329572][ T8366] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8369] <... openat resumed>) = 4 [pid 8366] chdir("./file1" [pid 5834] <... openat resumed>) = 3 [pid 5833] getdents64(3, [pid 8369] ioctl(4, LOOP_SET_FD, 3 [pid 8366] <... chdir resumed>) = 0 [pid 8370] symlink("/dev/binderfs", "./binderfs" [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8366] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./220/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8370] <... symlink resumed>) = 0 [pid 8366] <... openat resumed>) = -1 EBUSY (Device or resource busy) executing program [pid 5834] <... ioctl resumed>) = 0 [pid 8370] write(1, "executing program\n", 18 [pid 8366] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] close(3 [pid 8370] <... write resumed>) = 18 [pid 8370] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8370] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8370] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 5834] <... close resumed>) = 0 [pid 8370] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8370] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8366] <... futex resumed>) = 1 [pid 8365] <... futex resumed>) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] <... umount2 resumed>) = 0 [pid 8365] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8365] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8370] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 8371 attached [pid 8370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8366] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5833] umount2("./220/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8372 attached [pid 8366] <... openat resumed>) = 4 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8371 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8369] <... ioctl resumed>) = 0 [pid 8366] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(AT_FDCWD, "./220/file1", [pid 8366] <... futex resumed>) = 1 [pid 8365] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8365] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] umount2("./220/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8372] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8371] set_robust_list(0x55556b85b6a0, 24 [pid 8370] <... clone3 resumed> => {parent_tid=[8372]}, 88) = 8372 [pid 8369] close(3 [pid 8366] mkdir("./file2", 0777 [pid 8365] <... futex resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8365] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] openat(AT_FDCWD, "./220/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8372] <... rseq resumed>) = 0 [pid 8371] <... set_robust_list resumed>) = 0 [pid 8370] rt_sigprocmask(SIG_SETMASK, [], [pid 8372] set_robust_list(0x7f300ac489a0, 24 [pid 8371] chdir("./219" [pid 8372] <... set_robust_list resumed>) = 0 [pid 8370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8372] rt_sigprocmask(SIG_SETMASK, [], [pid 8371] <... chdir resumed>) = 0 [pid 8372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8371] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8370] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8372] memfd_create("syzkaller", 0 [pid 8371] <... prctl resumed>) = 0 [pid 8370] <... futex resumed>) = 0 [pid 8372] <... memfd_create resumed>) = 3 [pid 8371] setpgid(0, 0 [pid 8370] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8371] <... setpgid resumed>) = 0 [pid 8372] <... mmap resumed>) = 0x7f3002800000 [pid 8371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8372] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8371] <... openat resumed>) = 3 [pid 5833] <... openat resumed>) = 4 [pid 5833] newfstatat(4, "", [pid 8371] write(3, "1000", 4 [pid 8369] <... close resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8371] <... write resumed>) = 4 [pid 8369] close(4 [pid 5833] getdents64(4, [pid 8371] close(3) = 0 [pid 8369] <... close resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8371] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8369] mkdir("./file1", 0777 [pid 5833] getdents64(4, [pid 8372] <... write resumed>) = 131072 [pid 8371] write(1, "executing program\n", 18 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8371] <... write resumed>) = 18 [pid 8371] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8369] <... mkdir resumed>) = 0 [pid 5833] close(4 [pid 8371] <... futex resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 8372] munmap(0x7f3002800000, 138412032 [pid 8371] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] rmdir("./220/file1" [pid 8372] <... munmap resumed>) = 0 [pid 8371] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8369] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5833] umount2("./220/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8372] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8372] <... openat resumed>) = 4 [pid 8371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] newfstatat(AT_FDCWD, "./220/binderfs", [pid 8371] <... mmap resumed>) = 0x7f300ac28000 [pid 8371] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 206.375528][ T8369] loop1: detected capacity change from 0 to 256 [ 206.401875][ T8366] exFAT-fs (loop2): error, data size is invalid(9000) [pid 8372] ioctl(4, LOOP_SET_FD, 3 [pid 8371] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] unlink("./220/binderfs" [pid 8371] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8373]}, 88) = 8373 [pid 5833] <... unlink resumed>) = 0 [pid 8371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8371] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 8373 attached [pid 8371] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8373] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8373] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8373] memfd_create("syzkaller", 0 [pid 5833] getdents64(3, [pid 8373] <... memfd_create resumed>) = 3 [pid 8373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(3 [pid 8373] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8365] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... close resumed>) = 0 [pid 8365] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] rmdir("./220" [pid 8372] <... ioctl resumed>) = 0 [pid 8372] close(3) = 0 [pid 8372] close(4) = 0 [pid 8372] mkdir("./file1", 0777) = 0 [pid 8373] <... write resumed>) = 131072 [pid 8373] munmap(0x7f3002800000, 138412032 [pid 8372] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8373] <... munmap resumed>) = 0 [pid 8365] <... futex resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8373] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8365] <... mmap resumed>) = 0x7f300ac07000 [pid 5833] mkdir("./221", 0777 [pid 8365] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5833] <... mkdir resumed>) = 0 [pid 8373] <... openat resumed>) = 4 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8373] ioctl(4, LOOP_SET_FD, 3 [pid 8365] <... mprotect resumed>) = 0 [ 206.426848][ T8372] loop0: detected capacity change from 0 to 256 [ 206.430100][ T8366] exFAT-fs (loop2): Filesystem has been set read-only [ 206.456206][ T8369] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8366] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8365] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... openat resumed>) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8365] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8366] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5833] <... ioctl resumed>) = 0 [pid 8369] <... mount resumed>) = 0 [pid 5833] close(3./strace-static-x86_64: Process 8374 attached [pid 8374] +++ killed by SIGSEGV +++ [pid 8366] +++ killed by SIGSEGV +++ [pid 8373] <... ioctl resumed>) = 0 [pid 8365] <... clone3 resumed> ) = ? [pid 5833] <... close resumed>) = 0 [pid 8369] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8365] +++ killed by SIGSEGV +++ [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8373] close(3) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8365, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- ./strace-static-x86_64: Process 8375 attached [pid 8373] close(4 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8375 [pid 8375] set_robust_list(0x55556b85b6a0, 24 [pid 8373] <... close resumed>) = 0 [pid 5832] umount2("./215", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8373] mkdir("./file1", 0777 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8373] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8375] <... set_robust_list resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 8369] <... openat resumed>) = 3 [pid 8373] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5832] newfstatat(3, "", [pid 8369] chdir("./file1" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8375] chdir("./221" [pid 8369] <... chdir resumed>) = 0 [pid 8375] <... chdir resumed>) = 0 [pid 8369] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] getdents64(3, [pid 8369] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./215/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8375] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8369] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = 0 [pid 8369] <... futex resumed>) = 1 [pid 8375] <... prctl resumed>) = 0 [pid 8368] <... futex resumed>) = 0 [pid 8375] setpgid(0, 0 [pid 8368] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8368] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] umount2("./215/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./215/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8375] <... setpgid resumed>) = 0 [pid 8369] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] umount2("./215/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./215/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8375] <... openat resumed>) = 3 [pid 5832] <... openat resumed>) = 4 [pid 8375] write(3, "1000", 4 [pid 5832] newfstatat(4, "", [pid 8375] <... write resumed>) = 4 [pid 8369] <... openat resumed>) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8375] close(3 [pid 5832] getdents64(4, [pid 8375] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8369] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [ 206.481831][ T8373] loop4: detected capacity change from 0 to 256 [ 206.507115][ T8372] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8375] symlink("/dev/binderfs", "./binderfs" [pid 5832] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 8375] <... symlink resumed>) = 0 [pid 8372] <... mount resumed>) = 0 [pid 8369] <... futex resumed>) = 1 [pid 8368] <... futex resumed>) = 0 [pid 8368] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] rmdir("./215/file1" [pid 8368] <... futex resumed>) = 0 [pid 8368] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... rmdir resumed>) = 0 [pid 5832] umount2("./215/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./215/binderfs", [pid 8375] write(1, "executing program\n", 18 [pid 8372] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8369] mkdir("./file2", 0777 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./215/binderfs") = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./215") = 0 [pid 5832] mkdir("./216", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3executing program ) = 0 [pid 8375] <... write resumed>) = 18 [pid 8373] <... mount resumed>) = 0 [pid 8372] <... openat resumed>) = 3 [pid 8375] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8372] chdir("./file1" [pid 8375] <... futex resumed>) = 0 [pid 8372] <... chdir resumed>) = 0 [pid 8375] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8372] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8375] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8373] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8372] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8369] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8375] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8372] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8372] <... futex resumed>) = 1 [pid 8375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8372] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8375] <... mmap resumed>) = 0x7f300ac28000 [pid 8373] <... openat resumed>) = 3 [pid 8370] <... futex resumed>) = 0 [pid 8369] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8375] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8373] chdir("./file1" [pid 8370] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8376 [pid 8375] <... mprotect resumed>) = 0 [pid 8368] <... futex resumed>) = ? [pid 8373] <... chdir resumed>) = 0 [pid 8370] <... futex resumed>) = 1 [pid 8375] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8372] <... futex resumed>) = 0 [pid 8375] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8373] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8372] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8370] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8373] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8373] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8371] <... futex resumed>) = 0 [pid 8369] +++ killed by SIGSEGV +++ [pid 8368] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 8376 attached [pid 8375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8373] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8371] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8377 attached [pid 8376] set_robust_list(0x55556b85b6a0, 24 [pid 8372] <... openat resumed>) = 4 [pid 8371] <... futex resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8368, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8377] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8376] <... set_robust_list resumed>) = 0 [pid 8375] <... clone3 resumed> => {parent_tid=[8377]}, 88) = 8377 [pid 8373] <... openat resumed>) = 4 [pid 8372] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8371] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] umount2("./222", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8377] <... rseq resumed>) = 0 [pid 8376] chdir("./216" [pid 8375] rt_sigprocmask(SIG_SETMASK, [], [pid 8373] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8372] <... futex resumed>) = 1 [pid 8371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8370] <... futex resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8377] set_robust_list(0x7f300ac489a0, 24 [pid 8376] <... chdir resumed>) = 0 [pid 8375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8373] <... futex resumed>) = 0 [ 206.551708][ T8373] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 206.580526][ T8369] exFAT-fs (loop1): error, data size is invalid(9000) [ 206.587341][ T8369] exFAT-fs (loop1): Filesystem has been set read-only [pid 8372] mkdir("./file2", 0777 [pid 8371] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8370] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8377] <... set_robust_list resumed>) = 0 [pid 8376] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8375] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8373] mkdir("./file2", 0777 [pid 8371] <... futex resumed>) = 0 [pid 8370] <... futex resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8377] rt_sigprocmask(SIG_SETMASK, [], [pid 8376] <... prctl resumed>) = 0 [pid 8375] <... futex resumed>) = 0 [pid 8371] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8376] setpgid(0, 0 [pid 8375] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] newfstatat(3, "", [pid 8377] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8376] <... setpgid resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8377] memfd_create("syzkaller", 0 [pid 8376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./222/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8370] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8376] <... openat resumed>) = 3 [pid 8377] <... memfd_create resumed>) = 3 [pid 8376] write(3, "1000", 4 [pid 8377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8376] <... write resumed>) = 4 [pid 8376] close(3 [pid 8377] <... mmap resumed>) = 0x7f3002800000 [pid 8376] <... close resumed>) = 0 [pid 8377] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8376] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./222/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./222/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./222/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./222/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", [pid 8376] write(1, "executing program\n", 18 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8377] <... write resumed>) = 131072 [pid 8376] <... write resumed>) = 18 [pid 5831] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./222/file1" [pid 8377] munmap(0x7f3002800000, 138412032 [pid 8376] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... rmdir resumed>) = 0 [pid 8376] <... futex resumed>) = 0 [pid 8372] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5831] umount2("./222/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8377] <... munmap resumed>) = 0 [pid 8376] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8377] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8372] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8376] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8376] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8377] <... openat resumed>) = 4 [pid 8376] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] newfstatat(AT_FDCWD, "./222/binderfs", [pid 8376] <... mmap resumed>) = 0x7f300ac28000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./222/binderfs" [pid 8376] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5831] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 8376] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... close resumed>) = 0 [pid 8377] ioctl(4, LOOP_SET_FD, 3 [pid 8376] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8373] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8370] <... futex resumed>) = ? [pid 8376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8373] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] rmdir("./222" [pid 8371] <... futex resumed>) = ? [pid 5831] <... rmdir resumed>) = 0 [pid 5831] mkdir("./223", 0777) = 0 [pid 8373] +++ killed by SIGSEGV +++ [pid 8371] +++ killed by SIGSEGV +++ [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8371, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [ 206.626543][ T8372] exFAT-fs (loop0): error, data size is invalid(9000) [ 206.628336][ T8373] exFAT-fs (loop4): error, data size is invalid(9000) [ 206.646529][ T8372] exFAT-fs (loop0): Filesystem has been set read-only [ 206.658310][ T8373] exFAT-fs (loop4): Filesystem has been set read-only [pid 5831] close(3./strace-static-x86_64: Process 8378 attached [pid 5834] <... restart_syscall resumed>) = 0 [pid 8378] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8376] <... clone3 resumed> => {parent_tid=[8378]}, 88) = 8378 [pid 8378] <... rseq resumed>) = 0 [pid 8376] rt_sigprocmask(SIG_SETMASK, [], [pid 8372] +++ killed by SIGSEGV +++ [pid 8370] +++ killed by SIGSEGV +++ [pid 5834] umount2("./219", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8378] set_robust_list(0x7f300ac489a0, 24 [pid 8376] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8370, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8378] <... set_robust_list resumed>) = 0 [pid 8376] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8378] rt_sigprocmask(SIG_SETMASK, [], [pid 8376] <... futex resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 8378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8376] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8378] memfd_create("syzkaller", 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8378] <... memfd_create resumed>) = 3 [pid 8378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 ./strace-static-x86_64: Process 8379 attached [pid 8378] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] newfstatat(3, "", [pid 8379] set_robust_list(0x55556b85b6a0, 24 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8379] <... set_robust_list resumed>) = 0 [pid 5834] getdents64(3, [pid 8379] chdir("./223" [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8379] <... chdir resumed>) = 0 [pid 5834] umount2("./219/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8379] setpgid(0, 0 [pid 5834] <... umount2 resumed>) = 0 [pid 8379] <... setpgid resumed>) = 0 [pid 5834] umount2("./219/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8379] <... openat resumed>) = 3 [pid 5834] newfstatat(AT_FDCWD, "./219/file1", [pid 8379] write(3, "1000", 4) = 4 [pid 8377] <... ioctl resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8379] close(3 [pid 8377] close(3 [pid 5834] umount2("./219/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8379] <... close resumed>) = 0 [pid 8377] <... close resumed>) = 0 [pid 8379] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8377] close(4 [pid 8379] <... symlink resumed>) = 0 [pid 8377] <... close resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./219/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8377] mkdir("./file1", 0777 [pid 5834] <... openat resumed>) = 4 [pid 8378] <... write resumed>) = 131072 [pid 8379] write(1, "executing program\n", 18 [pid 8377] <... mkdir resumed>) = 0 [pid 5834] newfstatat(4, "", [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8379 executing program [pid 8379] <... write resumed>) = 18 [pid 8378] munmap(0x7f3002800000, 138412032 [pid 8379] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8378] <... munmap resumed>) = 0 [pid 8379] <... futex resumed>) = 0 [pid 8378] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8377] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8379] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8378] <... openat resumed>) = 4 [pid 8379] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8378] ioctl(4, LOOP_SET_FD, 3 [pid 8379] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5830] umount2("./221", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 206.718007][ T8377] loop3: detected capacity change from 0 to 256 [pid 5830] openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] <... openat resumed>) = 3 [pid 8379] <... mmap resumed>) = 0x7f300ac28000 [pid 8379] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8380]}, 88) = 8380 [pid 8379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8379] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8379] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8380 attached [pid 5834] getdents64(4, [pid 5830] newfstatat(3, "", [pid 8380] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8380] <... rseq resumed>) = 0 [pid 5834] getdents64(4, [pid 8380] set_robust_list(0x7f300ac489a0, 24 [pid 8378] <... ioctl resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(3, [pid 8380] <... set_robust_list resumed>) = 0 [pid 5834] close(4 [pid 8380] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8380] memfd_create("syzkaller", 0 [pid 8378] close(3 [pid 5834] rmdir("./219/file1" [pid 5830] umount2("./221/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8380] <... memfd_create resumed>) = 3 [pid 8378] <... close resumed>) = 0 [pid 8380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8378] close(4 [pid 5834] <... rmdir resumed>) = 0 [pid 8380] <... mmap resumed>) = 0x7f3002800000 [pid 8378] <... close resumed>) = 0 [pid 8378] mkdir("./file1", 0777) = 0 [pid 8380] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8378] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5834] umount2("./219/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8380] <... write resumed>) = 131072 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = 0 [pid 8380] munmap(0x7f3002800000, 138412032 [pid 5834] newfstatat(AT_FDCWD, "./219/binderfs", [pid 5830] umount2("./221/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8380] <... munmap resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] unlink("./219/binderfs" [pid 5830] newfstatat(AT_FDCWD, "./221/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] <... unlink resumed>) = 0 [pid 5830] umount2("./221/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8380] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8380] <... openat resumed>) = 4 [pid 5834] getdents64(3, [pid 5830] openat(AT_FDCWD, "./221/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8380] ioctl(4, LOOP_SET_FD, 3 [pid 8377] <... mount resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] <... openat resumed>) = 4 [ 206.767421][ T8378] loop2: detected capacity change from 0 to 256 [ 206.769544][ T8377] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8377] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8380] <... ioctl resumed>) = 0 [pid 5834] close(3 [pid 5830] newfstatat(4, "", [pid 8377] <... openat resumed>) = 3 [pid 5834] <... close resumed>) = 0 [pid 8380] close(3 [pid 5834] rmdir("./219" [pid 8380] <... close resumed>) = 0 [pid 8377] chdir("./file1" [pid 5834] <... rmdir resumed>) = 0 [pid 8380] close(4 [pid 8377] <... chdir resumed>) = 0 [pid 8380] <... close resumed>) = 0 [pid 8377] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8380] mkdir("./file1", 0777 [pid 8377] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8380] <... mkdir resumed>) = 0 [pid 8377] <... futex resumed>) = 1 [pid 8375] <... futex resumed>) = 0 [pid 5834] mkdir("./220", 0777 [pid 8375] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8375] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8377] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5834] <... mkdir resumed>) = 0 [pid 8380] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] getdents64(4, [pid 8378] <... mount resumed>) = 0 [pid 8377] <... openat resumed>) = 4 [pid 5834] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8378] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] close(4 [pid 8378] <... openat resumed>) = 3 [pid 8377] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5830] <... close resumed>) = 0 [pid 8378] chdir("./file1" [pid 8377] <... futex resumed>) = 1 [pid 8375] <... futex resumed>) = 0 [pid 5834] <... ioctl resumed>) = 0 [pid 5830] rmdir("./221/file1" [pid 8378] <... chdir resumed>) = 0 [pid 8377] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8375] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] close(3 [pid 8378] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8375] <... futex resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8378] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8377] mkdir("./file2", 0777 [pid 8375] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] umount2("./221/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8378] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8378] <... futex resumed>) = 1 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8378] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] newfstatat(AT_FDCWD, "./221/binderfs", [pid 8376] <... futex resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8376] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8381 [pid 5830] unlink("./221/binderfs" [pid 8376] <... futex resumed>) = 1 [ 206.816846][ T8380] loop1: detected capacity change from 0 to 256 [ 206.834541][ T8378] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8376] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8381 attached [pid 8378] <... futex resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 8378] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5830] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./221" [pid 8381] set_robust_list(0x55556b85b6a0, 24 [pid 5830] <... rmdir resumed>) = 0 [pid 8381] <... set_robust_list resumed>) = 0 [pid 8378] <... openat resumed>) = 4 [pid 5830] mkdir("./222", 0777 [pid 8381] chdir("./220") = 0 [pid 8381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8381] setpgid(0, 0) = 0 [pid 8381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8381] write(3, "1000", 4 [pid 5830] <... mkdir resumed>) = 0 [pid 8381] <... write resumed>) = 4 [pid 8378] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8378] <... futex resumed>) = 1 [pid 8376] <... futex resumed>) = 0 [pid 8378] mkdir("./file2", 0777 [pid 8376] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... openat resumed>) = 3 [pid 8381] close(3) = 0 [pid 8381] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8378] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8376] <... futex resumed>) = 0 [pid 8375] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8376] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 8375] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8375] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5830] <... close resumed>) = 0 [pid 8375] <... clone3 resumed> => {parent_tid=[8382]}, 88) = 8382 [pid 8375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8375] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8375] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8381] write(1, "executing program\n", 18) = 18 [pid 8381] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8381] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8382 attached [pid 8381] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8382] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8381] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8382] <... rseq resumed>) = 0 [pid 8381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8382] set_robust_list(0x7f300ac279a0, 24 [pid 8381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8382] <... set_robust_list resumed>) = 0 [pid 8381] <... mmap resumed>) = 0x7f300ac28000 [pid 8382] rt_sigprocmask(SIG_SETMASK, [], [pid 8381] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8381] <... mprotect resumed>) = 0 [pid 8382] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8384]}, 88) = 8384 [pid 8381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8381] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8381] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8384 attached [pid 8384] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8383 ./strace-static-x86_64: Process 8383 attached [ 206.884274][ T8377] exFAT-fs (loop3): error, data size is invalid(9000) [ 206.910353][ T8378] exFAT-fs (loop2): error, data size is invalid(9000) [ 206.914103][ T8377] exFAT-fs (loop3): Filesystem has been set read-only [ 206.917167][ T8378] exFAT-fs (loop2): Filesystem has been set read-only [pid 8384] <... rseq resumed>) = 0 [pid 8382] <... ioctl resumed>) = 0 [pid 8384] set_robust_list(0x7f300ac489a0, 24 [pid 8382] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8384] <... set_robust_list resumed>) = 0 [pid 8382] <... futex resumed>) = 1 [pid 8375] <... futex resumed>) = 0 [pid 8384] rt_sigprocmask(SIG_SETMASK, [], [pid 8382] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8384] memfd_create("syzkaller", 0) = 3 [pid 8384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8384] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8383] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8378] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8383] chdir("./222" [pid 8376] <... futex resumed>) = ? [pid 8384] <... write resumed>) = 131072 [pid 8378] +++ killed by SIGSEGV +++ [pid 8376] +++ killed by SIGSEGV +++ [pid 8384] munmap(0x7f3002800000, 138412032 [pid 8383] <... chdir resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8376, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 8384] <... munmap resumed>) = 0 [pid 8383] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8377] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8384] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8377] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8384] <... openat resumed>) = 4 [pid 8382] <... futex resumed>) = ? [pid 8384] ioctl(4, LOOP_SET_FD, 3 [pid 8383] <... prctl resumed>) = 0 [pid 8382] +++ killed by SIGSEGV +++ [pid 8383] setpgid(0, 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 8383] <... setpgid resumed>) = 0 [pid 5832] umount2("./216", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8384] <... ioctl resumed>) = 0 [pid 8380] <... mount resumed>) = 0 [pid 8377] +++ killed by SIGSEGV +++ [pid 8375] +++ killed by SIGSEGV +++ [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8384] close(3 [pid 8383] <... openat resumed>) = 3 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8375, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8384] <... close resumed>) = 0 [pid 8383] write(3, "1000", 4 [pid 8380] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8384] close(4 [pid 8383] <... write resumed>) = 4 [pid 5832] <... openat resumed>) = 3 [pid 8384] <... close resumed>) = 0 [pid 8383] close(3 [pid 5832] newfstatat(3, "", [pid 8384] mkdir("./file1", 0777 [pid 8383] <... close resumed>) = 0 [pid 5833] umount2("./221", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8384] <... mkdir resumed>) = 0 [pid 8383] symlink("/dev/binderfs", "./binderfs" [pid 8380] <... openat resumed>) = 3 executing program [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, [pid 8384] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8383] <... symlink resumed>) = 0 [pid 8380] chdir("./file1" [pid 5833] openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8383] write(1, "executing program\n", 18 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8383] <... write resumed>) = 18 [pid 5833] <... openat resumed>) = 3 [pid 5832] umount2("./216/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8383] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8380] <... chdir resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 8380] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8380] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8383] <... futex resumed>) = 0 [pid 8380] <... futex resumed>) = 1 [pid 8379] <... futex resumed>) = 0 [pid 5833] getdents64(3, [pid 5832] <... umount2 resumed>) = 0 [pid 8383] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8380] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8379] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8383] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8379] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./216/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8383] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8379] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] newfstatat(AT_FDCWD, "./216/file1", [pid 8383] <... mmap resumed>) = 0x7f300ac28000 [pid 8380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] umount2("./221/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8383] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [ 206.968172][ T8380] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 206.993915][ T8384] loop4: detected capacity change from 0 to 256 [pid 8380] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8383] <... mprotect resumed>) = 0 [pid 8380] <... openat resumed>) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8380] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8379] <... futex resumed>) = 0 [pid 8379] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = 0 [pid 8379] <... futex resumed>) = 0 [pid 8383] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8380] mkdir("./file2", 0777 [pid 8379] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8383] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] umount2("./221/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./216/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8385 attached [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./216/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8385] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8383] <... clone3 resumed> => {parent_tid=[8385]}, 88) = 8385 [pid 5833] newfstatat(AT_FDCWD, "./221/file1", [pid 8385] <... rseq resumed>) = 0 [pid 8383] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... openat resumed>) = 4 [pid 8385] set_robust_list(0x7f300ac489a0, 24 [pid 8383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] newfstatat(4, "", [pid 8385] <... set_robust_list resumed>) = 0 [pid 8383] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8385] rt_sigprocmask(SIG_SETMASK, [], [pid 8383] <... futex resumed>) = 0 [pid 8385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8383] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8385] memfd_create("syzkaller", 0 [pid 5833] umount2("./221/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8385] <... memfd_create resumed>) = 3 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(4, [pid 8385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] openat(AT_FDCWD, "./221/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8385] <... mmap resumed>) = 0x7f3002800000 [pid 5833] <... openat resumed>) = 4 [pid 5832] getdents64(4, [pid 8385] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] newfstatat(4, "", [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] close(4 [pid 5833] getdents64(4, [pid 5832] <... close resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] rmdir("./216/file1" [pid 5833] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5833] close(4 [pid 5832] umount2("./216/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] rmdir("./221/file1" [pid 5832] newfstatat(AT_FDCWD, "./216/binderfs", [pid 8385] <... write resumed>) = 131072 [pid 5833] <... rmdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8385] munmap(0x7f3002800000, 138412032 [pid 5833] umount2("./221/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] unlink("./216/binderfs" [pid 8385] <... munmap resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8385] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] newfstatat(AT_FDCWD, "./221/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./221/binderfs" [pid 8385] <... openat resumed>) = 4 [pid 8384] <... mount resumed>) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 8385] ioctl(4, LOOP_SET_FD, 3 [ 207.050953][ T8384] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 207.064910][ T8380] exFAT-fs (loop1): error, data size is invalid(9000) [ 207.089359][ T8380] exFAT-fs (loop1): Filesystem has been set read-only [pid 5833] getdents64(3, [pid 8384] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8384] chdir("./file1") = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8384] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] close(3 [pid 5832] <... unlink resumed>) = 0 [pid 8384] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... close resumed>) = 0 [pid 8384] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8381] <... futex resumed>) = 0 [pid 8384] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8381] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8379] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] rmdir("./221" [pid 5832] getdents64(3, [pid 8381] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8379] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8379] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5833] <... rmdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8379] <... mprotect resumed>) = 0 [pid 5833] mkdir("./222", 0777 [pid 5832] close(3 [pid 8379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5833] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8386 attached [pid 8385] <... ioctl resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] <... close resumed>) = 0 [pid 8384] <... openat resumed>) = 4 [pid 8379] <... clone3 resumed> => {parent_tid=[8386]}, 88) = 8386 [pid 5832] rmdir("./216" [pid 5833] <... openat resumed>) = 3 [pid 8379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8379] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8379] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8384] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8380] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5832] <... rmdir resumed>) = 0 [pid 8386] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8385] close(3 [pid 8384] <... futex resumed>) = 1 [pid 8381] <... futex resumed>) = 0 [pid 8380] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5833] <... ioctl resumed>) = 0 [pid 5832] mkdir("./217", 0777 [pid 8386] <... rseq resumed>) = 0 [pid 8385] <... close resumed>) = 0 [pid 8381] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] close(3 [pid 8381] <... futex resumed>) = 0 [pid 8381] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... mkdir resumed>) = 0 [pid 8385] close(4 [pid 8384] mkdir("./file2", 0777 [pid 5833] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8385] <... close resumed>) = 0 [pid 8379] <... futex resumed>) = ? [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8386] +++ killed by SIGSEGV +++ [pid 8385] mkdir("./file1", 0777./strace-static-x86_64: Process 8387 attached ) = 0 [pid 8380] +++ killed by SIGSEGV +++ [pid 8379] +++ killed by SIGSEGV +++ [pid 5832] <... openat resumed>) = 3 [pid 8387] set_robust_list(0x55556b85b6a0, 24 [pid 8385] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8387 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8379, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8387] <... set_robust_list resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5832] close(3 [pid 5831] umount2("./223", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8387] chdir("./222" [pid 5831] openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8387] <... chdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5831] newfstatat(3, "", [pid 8387] setpgid(0, 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8387] <... setpgid resumed>) = 0 [pid 8387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [ 207.102677][ T8385] loop0: detected capacity change from 0 to 256 [ 207.135767][ T8384] exFAT-fs (loop4): error, data size is invalid(9000) [pid 5831] umount2("./223/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8384] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8387] <... openat resumed>) = 3 [pid 8384] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8381] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 8384] +++ killed by SIGSEGV +++ [pid 8381] +++ killed by SIGSEGV +++ [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8381, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8387] write(3, "1000", 4 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] umount2("./223/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8387] <... write resumed>) = 4 ./strace-static-x86_64: Process 8388 attached [pid 8387] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8388] set_robust_list(0x55556b85b6a0, 24 [pid 5831] newfstatat(AT_FDCWD, "./223/file1", [pid 8388] <... set_robust_list resumed>) = 0 [pid 8387] <... close resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8388 [pid 8388] chdir("./217" [pid 8387] symlink("/dev/binderfs", "./binderfs" [pid 8385] <... mount resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8388] <... chdir resumed>) = 0 [pid 8387] <... symlink resumed>) = 0 [pid 8385] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY executing program [pid 5831] umount2("./223/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8387] write(1, "executing program\n", 18 [pid 8385] <... openat resumed>) = 3 [pid 5834] umount2("./220", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8388] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8387] <... write resumed>) = 18 [pid 8385] chdir("./file1" [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./223/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8388] <... prctl resumed>) = 0 [pid 8387] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8385] <... chdir resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... openat resumed>) = 4 [pid 8388] setpgid(0, 0 [pid 8387] <... futex resumed>) = 0 [pid 8385] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5834] <... openat resumed>) = 3 [ 207.150168][ T8384] exFAT-fs (loop4): Filesystem has been set read-only [ 207.164417][ T8385] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5831] newfstatat(4, "", [pid 8388] <... setpgid resumed>) = 0 [pid 8387] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8385] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] newfstatat(3, "", [pid 8388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8387] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8385] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8387] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8385] <... futex resumed>) = 1 [pid 8383] <... futex resumed>) = 0 [pid 5834] getdents64(3, [pid 5831] getdents64(4, [pid 8388] <... openat resumed>) = 3 [pid 8387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8385] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8383] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8383] <... futex resumed>) = 0 [pid 5834] umount2("./220/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(4, [pid 8388] write(3, "1000", 4 [pid 8387] <... mmap resumed>) = 0x7f300ac28000 [pid 8385] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8383] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... umount2 resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8388] <... write resumed>) = 4 [pid 8387] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] umount2("./220/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(4 [pid 8388] close(3 [pid 8387] <... mprotect resumed>) = 0 [pid 8385] <... openat resumed>) = 4 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8388] <... close resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./220/file1", [pid 5831] <... close resumed>) = 0 [pid 8388] symlink("/dev/binderfs", "./binderfs" [pid 8387] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8385] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] rmdir("./223/file1" [pid 5834] umount2("./220/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 8388] <... symlink resumed>) = 0 [pid 8387] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8383] <... futex resumed>) = 0 [pid 8385] <... futex resumed>) = 1 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... rmdir resumed>) = 0 [pid 8388] write(1, "executing program\n", 18 [pid 8387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8385] mkdir("./file2", 0777 [pid 8383] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] umount2("./223/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8388] <... write resumed>) = 18 [pid 8383] <... futex resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./220/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5834] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] getdents64(4, ./strace-static-x86_64: Process 8389 attached [pid 8388] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8383] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8389] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8388] <... futex resumed>) = 0 [pid 8387] <... clone3 resumed> => {parent_tid=[8389]}, 88) = 8389 [pid 5831] newfstatat(AT_FDCWD, "./223/binderfs", [pid 8389] <... rseq resumed>) = 0 [pid 8388] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8387] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4) = 0 [pid 5834] rmdir("./220/file1") = 0 [pid 8389] set_robust_list(0x7f300ac489a0, 24 [pid 8388] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8385] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8389] <... set_robust_list resumed>) = 0 [pid 8388] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8387] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8385] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] unlink("./223/binderfs" [pid 8389] rt_sigprocmask(SIG_SETMASK, [], [pid 8388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8387] <... futex resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 8389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8387] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] getdents64(3, [pid 5834] umount2("./220/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8389] memfd_create("syzkaller", 0 [pid 8388] <... mmap resumed>) = 0x7f300ac28000 [pid 8383] <... futex resumed>) = ? [pid 5834] newfstatat(AT_FDCWD, "./220/binderfs", [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8388] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8385] +++ killed by SIGSEGV +++ [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./220/binderfs") = 0 [pid 5834] getdents64(3, [pid 8389] <... memfd_create resumed>) = 3 [pid 8388] <... mprotect resumed>) = 0 [pid 8383] +++ killed by SIGSEGV +++ [pid 5831] close(3 [pid 8389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8388] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] <... close resumed>) = 0 [pid 8389] <... mmap resumed>) = 0x7f3002800000 [pid 8388] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] close(3 [pid 5831] rmdir("./223" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8383, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] <... close resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 8390 attached [pid 5831] mkdir("./224", 0777 [pid 8390] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8389] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8388] <... clone3 resumed> => {parent_tid=[8390]}, 88) = 8390 [pid 5831] <... mkdir resumed>) = 0 [pid 8390] <... rseq resumed>) = 0 [pid 8388] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] rmdir("./220" [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8390] set_robust_list(0x7f300ac489a0, 24 [pid 8388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8390] <... set_robust_list resumed>) = 0 [ 207.238295][ T8385] exFAT-fs (loop0): error, data size is invalid(9000) [ 207.252631][ T8385] exFAT-fs (loop0): Filesystem has been set read-only [pid 8388] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8390] rt_sigprocmask(SIG_SETMASK, [], [pid 8388] <... futex resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 8390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8388] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] close(3 [pid 8390] memfd_create("syzkaller", 0 [pid 8389] <... write resumed>) = 131072 [pid 5834] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] umount2("./222", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8390] <... memfd_create resumed>) = 3 [pid 8390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8390] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072./strace-static-x86_64: Process 8391 attached [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8391 [pid 8390] <... write resumed>) = 131072 [pid 8389] munmap(0x7f3002800000, 138412032 [pid 5834] mkdir("./221", 0777 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8391] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8391] chdir("./224" [pid 5834] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8391] <... chdir resumed>) = 0 [pid 8391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8391] setpgid(0, 0) = 0 [pid 8389] <... munmap resumed>) = 0 [pid 8391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... openat resumed>) = 3 [pid 8390] munmap(0x7f3002800000, 138412032) = 0 [pid 8389] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 8391] <... openat resumed>) = 3 [pid 8389] <... openat resumed>) = 4 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8391] write(3, "1000", 4 [pid 5834] <... ioctl resumed>) = 0 [pid 8391] <... write resumed>) = 4 [pid 8391] close(3 [pid 5830] getdents64(3, [pid 8390] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8391] <... close resumed>) = 0 [pid 5834] close(3 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8389] ioctl(4, LOOP_SET_FD, 3 [pid 5830] umount2("./222/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8390] <... openat resumed>) = 4 [pid 8391] symlink("/dev/binderfs", "./binderfs" [pid 8390] ioctl(4, LOOP_SET_FD, 3 [pid 8391] <... symlink resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 8391] write(1, "executing program\n", 18) = 18 [pid 8391] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8391] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8391] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8392]}, 88) = 8392 [pid 8391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8391] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 8392 attached [pid 8391] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8392] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8392] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 executing program [pid 8392] memfd_create("syzkaller", 0) = 3 [pid 8392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8390] <... ioctl resumed>) = 0 [pid 8389] <... ioctl resumed>) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 8393 attached [pid 8392] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8390] close(3 [pid 8389] close(3 [pid 5830] umount2("./222/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8390] <... close resumed>) = 0 [pid 8389] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8390] close(4 [pid 8389] close(4 [pid 8393] set_robust_list(0x55556b85b6a0, 24 [pid 8390] <... close resumed>) = 0 [pid 8389] <... close resumed>) = 0 [pid 8390] mkdir("./file1", 0777 [pid 8389] mkdir("./file1", 0777 [pid 8393] <... set_robust_list resumed>) = 0 [pid 8390] <... mkdir resumed>) = 0 [pid 8389] <... mkdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./222/file1", [pid 8393] chdir("./221" [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8393 [pid 8393] <... chdir resumed>) = 0 [pid 8389] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8390] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8393] setpgid(0, 0 [pid 8392] <... write resumed>) = 131072 [pid 5830] umount2("./222/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8393] <... setpgid resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 207.320932][ T8390] loop2: detected capacity change from 0 to 256 [ 207.321877][ T8389] loop3: detected capacity change from 0 to 256 [pid 5830] openat(AT_FDCWD, "./222/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8392] munmap(0x7f3002800000, 138412032 [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", [pid 8393] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8393] write(3, "1000", 4 [pid 5830] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8393] <... write resumed>) = 4 [pid 8393] close(3) = 0 [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8393] symlink("/dev/binderfs", "./binderfs" [pid 5830] close(4 [pid 8393] <... symlink resumed>) = 0 [pid 8392] <... munmap resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./222/file1"executing program [pid 8393] write(1, "executing program\n", 18 [pid 8392] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... rmdir resumed>) = 0 [pid 8393] <... write resumed>) = 18 [pid 8392] <... openat resumed>) = 4 [pid 5830] umount2("./222/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8393] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8393] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8392] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8393] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8394 attached [pid 8392] <... ioctl resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./222/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./222/binderfs" [pid 8394] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8393] <... clone3 resumed> => {parent_tid=[8394]}, 88) = 8394 [pid 5830] <... unlink resumed>) = 0 [pid 8394] <... rseq resumed>) = 0 [pid 8393] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] getdents64(3, [pid 8394] set_robust_list(0x7f300ac489a0, 24 [pid 8393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8390] <... mount resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8392] close(3 [pid 5830] close(3 [pid 8392] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8392] close(4 [pid 5830] rmdir("./222" [pid 8392] <... close resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8392] mkdir("./file1", 0777 [pid 5830] mkdir("./223", 0777 [pid 8392] <... mkdir resumed>) = 0 [pid 8392] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 207.387515][ T8392] loop1: detected capacity change from 0 to 256 [ 207.401795][ T8390] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [pid 8394] <... set_robust_list resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8394] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8393] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8390] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8393] <... futex resumed>) = 0 [pid 8393] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8395 attached [pid 8394] memfd_create("syzkaller", 0 [pid 8390] <... openat resumed>) = 3 [pid 8394] <... memfd_create resumed>) = 3 [pid 8390] chdir("./file1" [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8395 [pid 8394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8390] <... chdir resumed>) = 0 [pid 8395] set_robust_list(0x55556b85b6a0, 24 [pid 8394] <... mmap resumed>) = 0x7f3002800000 [pid 8390] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8395] <... set_robust_list resumed>) = 0 [pid 8390] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8395] chdir("./223") = 0 [pid 8395] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8394] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8390] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8395] <... prctl resumed>) = 0 [pid 8390] <... futex resumed>) = 1 [pid 8388] <... futex resumed>) = 0 [pid 8395] setpgid(0, 0 [pid 8389] <... mount resumed>) = 0 [pid 8390] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8388] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8395] <... setpgid resumed>) = 0 [pid 8394] <... write resumed>) = 131072 [pid 8390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8388] <... futex resumed>) = 0 [pid 8395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8394] munmap(0x7f3002800000, 138412032 [pid 8390] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8389] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8388] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8395] <... openat resumed>) = 3 [pid 8390] <... openat resumed>) = 4 [pid 8395] write(3, "1000", 4) = 4 [pid 8390] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8389] <... openat resumed>) = 3 [pid 8395] close(3) = 0 [pid 8395] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8395] write(1, "executing program\n", 18) = 18 [pid 8395] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 207.429540][ T8389] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 207.456292][ T8392] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8395] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8394] <... munmap resumed>) = 0 [pid 8390] <... futex resumed>) = 1 [pid 8389] chdir("./file1" [pid 8388] <... futex resumed>) = 0 [pid 8395] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8389] <... chdir resumed>) = 0 [pid 8388] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8390] mkdir("./file2", 0777 [pid 8389] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8388] <... futex resumed>) = 0 [pid 8395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8388] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8395] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8396 attached => {parent_tid=[8396]}, 88) = 8396 [pid 8396] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8395] rt_sigprocmask(SIG_SETMASK, [], [pid 8396] <... rseq resumed>) = 0 [pid 8395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8396] set_robust_list(0x7f300ac489a0, 24 [pid 8395] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8396] <... set_robust_list resumed>) = 0 [pid 8395] <... futex resumed>) = 0 [pid 8396] rt_sigprocmask(SIG_SETMASK, [], [pid 8395] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8396] memfd_create("syzkaller", 0) = 3 [pid 8392] <... mount resumed>) = 0 [pid 8396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8394] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8389] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8396] <... mmap resumed>) = 0x7f3002800000 [pid 8394] <... openat resumed>) = 4 [pid 8389] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8387] <... futex resumed>) = 0 [pid 8392] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8396] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8394] ioctl(4, LOOP_SET_FD, 3 [pid 8390] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8389] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8387] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8396] <... write resumed>) = 131072 [pid 8392] chdir("./file1") = 0 [pid 8392] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8392] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8392] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8396] munmap(0x7f3002800000, 138412032) = 0 [pid 8387] <... futex resumed>) = 0 [pid 8396] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8387] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8391] <... futex resumed>) = 0 [pid 8390] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8389] <... openat resumed>) = 4 [pid 8389] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8387] <... futex resumed>) = 0 [pid 8388] <... futex resumed>) = ? [pid 8389] mkdir("./file2", 0777 [pid 8387] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8391] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8387] <... futex resumed>) = 0 [pid 8387] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8396] <... openat resumed>) = 4 [ 207.501082][ T8390] exFAT-fs (loop2): error, data size is invalid(9000) [ 207.507888][ T8390] exFAT-fs (loop2): Filesystem has been set read-only [ 207.533388][ T8394] loop4: detected capacity change from 0 to 256 [pid 8396] ioctl(4, LOOP_SET_FD, 3 [pid 8394] <... ioctl resumed>) = 0 [pid 8392] <... futex resumed>) = 0 [pid 8391] <... futex resumed>) = 1 [pid 8394] close(3 [pid 8391] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8394] <... close resumed>) = 0 [pid 8392] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8394] close(4 [pid 8390] +++ killed by SIGSEGV +++ [pid 8388] +++ killed by SIGSEGV +++ [pid 8394] <... close resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8388, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8394] mkdir("./file1", 0777 [pid 8392] <... openat resumed>) = 4 [pid 8394] <... mkdir resumed>) = 0 [pid 8392] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8394] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8392] <... futex resumed>) = 1 [pid 8391] <... futex resumed>) = 0 [pid 8391] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 207.548242][ T8389] exFAT-fs (loop3): error, data size is invalid(9000) [ 207.551203][ T8396] loop0: detected capacity change from 0 to 256 [ 207.577769][ T8394] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 207.578982][ T8392] exFAT-fs (loop1): error, data size is invalid(9000) [pid 8391] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8392] mkdir("./file2", 0777 [pid 5832] umount2("./217", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8396] <... ioctl resumed>) = 0 [pid 8394] <... mount resumed>) = 0 [pid 8387] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8396] close(3 [pid 8394] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8387] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8396] <... close resumed>) = 0 [pid 8387] <... futex resumed>) = 0 [pid 8396] close(4 [pid 8387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8387] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8396] <... close resumed>) = 0 [pid 8394] <... openat resumed>) = 3 [pid 8387] <... mprotect resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8396] mkdir("./file1", 0777 [pid 8394] chdir("./file1" [pid 8387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8394] <... chdir resumed>) = 0 [pid 8387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8394] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 8397 attached ) = -1 EBUSY (Device or resource busy) [pid 5832] <... openat resumed>) = 3 [pid 8397] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8396] <... mkdir resumed>) = 0 [pid 8394] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8387] <... clone3 resumed> => {parent_tid=[8397]}, 88) = 8397 [ 207.596685][ T8389] exFAT-fs (loop3): Filesystem has been set read-only [pid 8397] <... rseq resumed>) = 0 [pid 8396] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8394] <... futex resumed>) = 1 [pid 8387] rt_sigprocmask(SIG_SETMASK, [], [pid 8397] set_robust_list(0x7f300ac279a0, 24 [pid 8394] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8393] <... futex resumed>) = 0 [pid 8392] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8391] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8389] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] newfstatat(3, "", [pid 8397] <... set_robust_list resumed>) = 0 [pid 8394] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8393] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8392] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8391] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8387] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8397] rt_sigprocmask(SIG_SETMASK, [], [pid 8394] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8393] <... futex resumed>) = 0 [pid 8391] <... futex resumed>) = ? [pid 8389] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8387] <... futex resumed>) = 0 [pid 5832] getdents64(3, [pid 8397] <... rt_sigprocmask resumed> ) = ? [pid 8393] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8392] +++ killed by SIGSEGV +++ [pid 8391] +++ killed by SIGSEGV +++ [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8397] +++ killed by SIGSEGV +++ [pid 5832] umount2("./217/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8391, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8394] <... openat resumed>) = 4 [pid 8394] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8394] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8389] +++ killed by SIGSEGV +++ [pid 8387] +++ killed by SIGSEGV +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8387, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8393] <... futex resumed>) = 0 [pid 8393] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8394] <... futex resumed>) = 0 [pid 8393] <... futex resumed>) = 1 [ 207.626224][ T8392] exFAT-fs (loop1): Filesystem has been set read-only [pid 8394] mkdir("./file2", 0777 [pid 8393] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... restart_syscall resumed>) = 0 [pid 5833] umount2("./222", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] umount2("./224", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(3, "", [pid 5831] openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5833] getdents64(3, [pid 5831] newfstatat(3, "", [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 5833] umount2("./222/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./224/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = 0 [pid 8394] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8394] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8393] <... futex resumed>) = ? [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./224/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./224/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./224/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8394] +++ killed by SIGSEGV +++ [pid 8393] +++ killed by SIGSEGV +++ [pid 5833] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8393, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5831] openat(AT_FDCWD, "./224/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", [pid 5834] umount2("./221", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(4, [pid 5834] openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] <... openat resumed>) = 3 [pid 5831] getdents64(4, [pid 5834] newfstatat(3, "", [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] close(4 [pid 5834] getdents64(3, [pid 5831] <... close resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] rmdir("./224/file1" [pid 5834] umount2("./221/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] umount2("./222/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... rmdir resumed>) = 0 [pid 5834] <... umount2 resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./224/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] newfstatat(AT_FDCWD, "./222/file1", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] umount2("./221/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(AT_FDCWD, "./224/binderfs", [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] umount2("./222/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./217/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] newfstatat(AT_FDCWD, "./221/file1", [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] unlink("./224/binderfs" [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] openat(AT_FDCWD, "./222/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] newfstatat(AT_FDCWD, "./217/file1", [pid 5831] <... unlink resumed>) = 0 [pid 5834] umount2("./221/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... openat resumed>) = 4 [pid 5831] getdents64(3, [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(4, "", [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./217/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] getdents64(4, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(3 [pid 5834] openat(AT_FDCWD, "./221/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] openat(AT_FDCWD, "./217/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... close resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 5833] getdents64(4, [pid 5832] <... openat resumed>) = 4 [pid 5831] rmdir("./224" [pid 8396] <... mount resumed>) = 0 [pid 5834] newfstatat(4, "", [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] newfstatat(4, "", [pid 5831] <... rmdir resumed>) = 0 [pid 8396] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] close(4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8396] <... openat resumed>) = 3 [pid 5833] <... close resumed>) = 0 [pid 5832] getdents64(4, [pid 8396] chdir("./file1" [pid 5834] getdents64(4, [pid 5833] rmdir("./222/file1" [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] mkdir("./225", 0777 [pid 8396] <... chdir resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] <... rmdir resumed>) = 0 [pid 5832] close(4 [pid 5831] <... mkdir resumed>) = 0 [pid 8396] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5834] getdents64(4, [pid 5832] <... close resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] umount2("./222/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] rmdir("./217/file1" [pid 8396] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] close(4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... rmdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8396] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... close resumed>) = 0 [pid 8396] <... futex resumed>) = 1 [pid 8396] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8395] <... futex resumed>) = 0 [pid 5834] rmdir("./221/file1" [pid 5833] newfstatat(AT_FDCWD, "./222/binderfs", [pid 8395] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... rmdir resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./217/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 8396] <... futex resumed>) = 0 [pid 8395] <... futex resumed>) = 1 [pid 8396] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8395] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] unlink("./222/binderfs" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8396] <... openat resumed>) = 4 [pid 5834] umount2("./221/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... unlink resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./217/binderfs", [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8396] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] getdents64(3, [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... ioctl resumed>) = 0 [ 207.675522][ T8394] exFAT-fs (loop4): error, data size is invalid(9000) [ 207.687178][ T8396] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 207.688666][ T8394] exFAT-fs (loop4): Filesystem has been set read-only [pid 8396] <... futex resumed>) = 1 [pid 8395] <... futex resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./221/binderfs", [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] unlink("./217/binderfs" [pid 5831] close(3 [pid 8396] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8395] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] close(3 [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8396] mkdir("./file2", 0777 [pid 8395] <... futex resumed>) = 0 [pid 8395] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] unlink("./221/binderfs" [pid 5833] <... close resumed>) = 0 [pid 5834] <... unlink resumed>) = 0 [pid 5832] getdents64(3, [pid 5834] getdents64(3, [pid 5833] rmdir("./222" [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5834] close(3 [pid 5832] close(3 [pid 5834] <... close resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5834] rmdir("./221" [pid 5832] rmdir("./217" [pid 5834] <... rmdir resumed>) = 0 [pid 5833] mkdir("./223", 0777 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8398 attached [pid 8396] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] mkdir("./222", 0777 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] mkdir("./218", 0777 [pid 8398] set_robust_list(0x55556b85b6a0, 24 [pid 8396] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] <... mkdir resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5832] <... mkdir resumed>) = 0 [pid 8398] <... set_robust_list resumed>) = 0 [pid 8395] <... futex resumed>) = ? [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8398] chdir("./225" [pid 5834] <... openat resumed>) = 3 [pid 5833] <... ioctl resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8398 [pid 8398] <... chdir resumed>) = 0 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5833] close(3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8396] +++ killed by SIGSEGV +++ [pid 8395] +++ killed by SIGSEGV +++ [pid 8398] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] <... ioctl resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8395, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5834] close(3 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] close(3 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8398] <... prctl resumed>) = 0 [pid 8398] setpgid(0, 0) = 0 [pid 8398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 8399 attached [pid 5832] <... close resumed>) = 0 [pid 8398] write(3, "1000", 4) = 4 [pid 8398] close(3) = 0 [pid 8398] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8398] write(1, "executing program\n", 18) = 18 [pid 8399] set_robust_list(0x55556b85b6a0, 24 [pid 8398] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... restart_syscall resumed>) = 0 [pid 8398] <... futex resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8399] <... set_robust_list resumed>) = 0 [pid 5830] umount2("./223", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8398] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8398] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8399] chdir("./223" [pid 8398] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 8400 attached [pid 8399] <... chdir resumed>) = 0 [pid 8398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... close resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8399 [pid 5830] <... openat resumed>) = 3 [pid 8399] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8399] <... prctl resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 8398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8398] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 8401 attached [pid 8400] set_robust_list(0x55556b85b6a0, 24 [pid 8399] setpgid(0, 0 [pid 8398] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8400 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8398] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8400] <... set_robust_list resumed>) = 0 [pid 8399] <... setpgid resumed>) = 0 [pid 8398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5830] getdents64(3, ./strace-static-x86_64: Process 8402 attached [pid 8401] set_robust_list(0x55556b85b6a0, 24 [pid 8400] chdir("./218" [pid 8399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8401 [pid 8402] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8401] <... set_robust_list resumed>) = 0 [pid 8400] <... chdir resumed>) = 0 [pid 8399] <... openat resumed>) = 3 [pid 8398] <... clone3 resumed> => {parent_tid=[8402]}, 88) = 8402 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8400] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8399] write(3, "1000", 4 [pid 8400] <... prctl resumed>) = 0 [pid 8399] <... write resumed>) = 4 [pid 5830] umount2("./223/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8399] close(3 [ 207.761067][ T8396] exFAT-fs (loop0): error, data size is invalid(9000) [ 207.767888][ T8396] exFAT-fs (loop0): Filesystem has been set read-only [pid 8400] setpgid(0, 0) = 0 [pid 8399] <... close resumed>) = 0 [pid 8398] rt_sigprocmask(SIG_SETMASK, [], [pid 8402] <... rseq resumed>) = 0 [pid 8401] chdir("./222" [pid 8400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8399] symlink("/dev/binderfs", "./binderfs" [pid 8398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8402] set_robust_list(0x7f300ac489a0, 24 [pid 8401] <... chdir resumed>) = 0 [pid 8398] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... umount2 resumed>) = 0 [pid 8402] <... set_robust_list resumed>) = 0 [pid 8401] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8399] <... symlink resumed>) = 0 [pid 8398] <... futex resumed>) = 0 [pid 8402] rt_sigprocmask(SIG_SETMASK, [], [pid 8401] <... prctl resumed>) = 0 executing program [pid 8400] <... openat resumed>) = 3 [pid 8399] write(1, "executing program\n", 18 [pid 8398] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] umount2("./223/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8401] setpgid(0, 0 [pid 8399] <... write resumed>) = 18 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8402] memfd_create("syzkaller", 0 [pid 8401] <... setpgid resumed>) = 0 [pid 8400] write(3, "1000", 4 [pid 8399] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] newfstatat(AT_FDCWD, "./223/file1", [pid 8400] <... write resumed>) = 4 [pid 8399] <... futex resumed>) = 0 [pid 8402] <... memfd_create resumed>) = 3 [pid 8401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8402] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 8401] <... openat resumed>) = 3 [pid 8400] close(3 [pid 8399] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5830] umount2("./223/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8401] write(3, "1000", 4) = 4 [pid 8401] close(3) = 0 [pid 8401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8402] munmap(0x7f3002800000, 138412032) = 0 [pid 8401] write(1, "executing program\n", 18executing program ) = 18 [pid 8401] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8401] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8402] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8401] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8402] <... openat resumed>) = 4 [pid 8401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8402] ioctl(4, LOOP_SET_FD, 3 [pid 8401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8400] <... close resumed>) = 0 [pid 8399] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8400] symlink("/dev/binderfs", "./binderfs" [pid 8399] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5830] openat(AT_FDCWD, "./223/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8400] <... symlink resumed>) = 0 [pid 8399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] newfstatat(4, "", executing program {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8400] write(1, "executing program\n", 18 [pid 8399] <... mmap resumed>) = 0x7f300ac28000 [pid 8400] <... write resumed>) = 18 [pid 8399] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5830] getdents64(4, [pid 8401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8399] <... mprotect resumed>) = 0 [pid 8400] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 8400] <... futex resumed>) = 0 [pid 8399] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8401] <... mmap resumed>) = 0x7f300ac28000 [pid 8400] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8399] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] close(4 [pid 8401] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8400] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8401] <... mprotect resumed>) = 0 [pid 8400] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5830] <... close resumed>) = 0 ./strace-static-x86_64: Process 8403 attached [pid 8401] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] rmdir("./223/file1" [pid 8401] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8404 attached [pid 8400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8399] <... clone3 resumed> => {parent_tid=[8403]}, 88) = 8403 [pid 5830] <... rmdir resumed>) = 0 [pid 8404] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8401] <... clone3 resumed> => {parent_tid=[8404]}, 88) = 8404 [pid 8400] <... mmap resumed>) = 0x7f300ac28000 [pid 8399] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] umount2("./223/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8404] <... rseq resumed>) = 0 [pid 8401] rt_sigprocmask(SIG_SETMASK, [], [pid 8400] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8404] set_robust_list(0x7f300ac489a0, 24 [pid 8403] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8404] <... set_robust_list resumed>) = 0 [pid 8403] <... rseq resumed>) = 0 [pid 8401] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8400] <... mprotect resumed>) = 0 [pid 8399] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] newfstatat(AT_FDCWD, "./223/binderfs", [pid 8404] rt_sigprocmask(SIG_SETMASK, [], [pid 8403] set_robust_list(0x7f300ac489a0, 24 [pid 8401] <... futex resumed>) = 0 [pid 8404] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8403] <... set_robust_list resumed>) = 0 [pid 8402] <... ioctl resumed>) = 0 [pid 8401] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8399] <... futex resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8404] memfd_create("syzkaller", 0 [pid 8403] rt_sigprocmask(SIG_SETMASK, [], [pid 8400] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8399] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] unlink("./223/binderfs" [pid 8404] <... memfd_create resumed>) = 3 [pid 8403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8402] close(3 [pid 8403] memfd_create("syzkaller", 0 [pid 8402] <... close resumed>) = 0 [pid 8404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8403] <... memfd_create resumed>) = 3 [pid 8402] close(4 [pid 8400] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 8404] <... mmap resumed>) = 0x7f3002800000 [pid 8403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8402] <... close resumed>) = 0 [pid 8400] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5830] getdents64(3, [pid 8403] <... mmap resumed>) = 0x7f3002800000 ./strace-static-x86_64: Process 8405 attached [pid 8404] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8403] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8402] mkdir("./file1", 0777 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8402] <... mkdir resumed>) = 0 [pid 5830] close(3 [pid 8400] <... clone3 resumed> => {parent_tid=[8405]}, 88) = 8405 [pid 5830] <... close resumed>) = 0 [pid 8405] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8400] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] rmdir("./223" [pid 8405] <... rseq resumed>) = 0 [pid 8400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8405] set_robust_list(0x7f300ac489a0, 24 [pid 8403] <... write resumed>) = 131072 [pid 8402] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8400] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... rmdir resumed>) = 0 [pid 8405] <... set_robust_list resumed>) = 0 [pid 8400] <... futex resumed>) = 0 [pid 5830] mkdir("./224", 0777 [pid 8405] rt_sigprocmask(SIG_SETMASK, [], [pid 8404] <... write resumed>) = 131072 [pid 8400] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 8403] munmap(0x7f3002800000, 138412032 [pid 8404] munmap(0x7f3002800000, 138412032 [pid 8403] <... munmap resumed>) = 0 [pid 8405] memfd_create("syzkaller", 0 [pid 8403] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8404] <... munmap resumed>) = 0 [ 207.856752][ T8402] loop1: detected capacity change from 0 to 256 [pid 8405] <... memfd_create resumed>) = 3 [pid 8404] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8404] <... openat resumed>) = 4 [pid 5830] <... openat resumed>) = 3 [pid 8403] ioctl(4, LOOP_SET_FD, 3 [pid 8405] <... mmap resumed>) = 0x7f3002800000 [pid 8404] ioctl(4, LOOP_SET_FD, 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 8405] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8404] <... ioctl resumed>) = 0 [pid 5830] close(3) = 0 [pid 8404] close(3 [pid 8405] <... write resumed>) = 131072 [pid 8404] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8403] <... ioctl resumed>) = 0 [pid 8404] close(4 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8406 ./strace-static-x86_64: Process 8406 attached [pid 8404] <... close resumed>) = 0 [pid 8403] close(3) = 0 [pid 8403] close(4) = 0 [pid 8403] mkdir("./file1", 0777) = 0 [pid 8403] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8406] set_robust_list(0x55556b85b6a0, 24 [pid 8405] munmap(0x7f3002800000, 138412032 [pid 8404] mkdir("./file1", 0777) = 0 [pid 8406] <... set_robust_list resumed>) = 0 [pid 8405] <... munmap resumed>) = 0 [pid 8404] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8406] chdir("./224" [pid 8405] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8406] <... chdir resumed>) = 0 [pid 8406] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8405] <... openat resumed>) = 4 [pid 8406] <... prctl resumed>) = 0 [pid 8406] setpgid(0, 0 [ 207.903261][ T8403] loop3: detected capacity change from 0 to 256 [ 207.910573][ T8404] loop4: detected capacity change from 0 to 256 [ 207.916069][ T8402] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8405] ioctl(4, LOOP_SET_FD, 3 [pid 8406] <... setpgid resumed>) = 0 [pid 8406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 8406] write(3, "1000", 4 [pid 8405] <... ioctl resumed>) = 0 [pid 8406] <... write resumed>) = 4 [pid 8405] close(3 [pid 8406] close(3) = 0 [pid 8406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8406] write(1, "executing program\n", 18 [pid 8405] <... close resumed>) = 0 [pid 8406] <... write resumed>) = 18 [pid 8406] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8402] <... mount resumed>) = 0 [pid 8405] close(4 [pid 8406] <... futex resumed>) = 0 [pid 8406] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8405] <... close resumed>) = 0 [ 207.971892][ T8405] loop2: detected capacity change from 0 to 256 [pid 8405] mkdir("./file1", 0777 [pid 8406] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8405] <... mkdir resumed>) = 0 [pid 8402] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8406] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8405] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8402] <... openat resumed>) = 3 [pid 8402] chdir("./file1") = 0 [pid 8402] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8402] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8402] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8406] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8404] <... mount resumed>) = 0 [pid 8398] <... futex resumed>) = 0 [pid 8406] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8398] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8406] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8404] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8398] <... futex resumed>) = 1 [pid 8406] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8398] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8404] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8407 attached [pid 8404] chdir("./file1" [pid 8402] <... futex resumed>) = 0 [pid 8407] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8406] <... clone3 resumed> => {parent_tid=[8407]}, 88) = 8407 [pid 8404] <... chdir resumed>) = 0 [pid 8407] <... rseq resumed>) = 0 [pid 8406] rt_sigprocmask(SIG_SETMASK, [], [pid 8404] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8407] set_robust_list(0x7f300ac489a0, 24 [pid 8406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8407] <... set_robust_list resumed>) = 0 [pid 8407] rt_sigprocmask(SIG_SETMASK, [], [pid 8406] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8404] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8403] <... mount resumed>) = 0 [pid 8402] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8407] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 208.021165][ T8404] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 208.021471][ T8403] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8407] memfd_create("syzkaller", 0 [pid 8406] <... futex resumed>) = 0 [pid 8404] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8403] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8402] <... openat resumed>) = 4 [pid 8406] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8404] <... futex resumed>) = 1 [pid 8404] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8403] <... openat resumed>) = 3 [pid 8402] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8403] chdir("./file1" [pid 8407] <... memfd_create resumed>) = 3 [pid 8403] <... chdir resumed>) = 0 [pid 8402] <... futex resumed>) = 1 [pid 8398] <... futex resumed>) = 0 [pid 8402] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8398] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8401] <... futex resumed>) = 0 [pid 8398] <... futex resumed>) = 0 [pid 8407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8403] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8402] mkdir("./file2", 0777 [pid 8401] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8398] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8407] <... mmap resumed>) = 0x7f3002800000 [pid 8403] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8401] <... futex resumed>) = 1 [pid 8403] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8407] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8404] <... futex resumed>) = 0 [pid 8403] <... futex resumed>) = 1 [pid 8401] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8407] <... write resumed>) = 131072 [pid 8404] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8403] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8399] <... futex resumed>) = 0 [pid 8407] munmap(0x7f3002800000, 138412032 [pid 8399] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8407] <... munmap resumed>) = 0 [pid 8403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8399] <... futex resumed>) = 0 [pid 8399] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8403] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8404] <... openat resumed>) = 4 [pid 8403] <... openat resumed>) = 4 [ 208.101336][ T8402] exFAT-fs (loop1): error, data size is invalid(9000) [ 208.113838][ T8405] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 208.119413][ T8402] exFAT-fs (loop1): Filesystem has been set read-only [pid 8407] ioctl(4, LOOP_SET_FD, 3 [pid 8404] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8398] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8404] <... futex resumed>) = 1 [pid 8401] <... futex resumed>) = 0 [pid 8398] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8404] mkdir("./file2", 0777 [pid 8401] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8398] <... futex resumed>) = 0 [pid 8407] <... ioctl resumed>) = 0 [pid 8401] <... futex resumed>) = 0 [pid 8398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8401] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8398] <... mmap resumed>) = 0x7f300ac07000 [pid 8398] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8408 attached => {parent_tid=[8408]}, 88) = 8408 [pid 8398] rt_sigprocmask(SIG_SETMASK, [], [pid 8408] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8402] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8398] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8402] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8398] <... futex resumed>) = 0 [pid 8403] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8405] <... mount resumed>) = 0 [pid 8408] <... rseq resumed>) = ? [pid 8403] <... futex resumed>) = 1 [pid 8399] <... futex resumed>) = 0 [pid 8405] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8408] +++ killed by SIGSEGV +++ [pid 8405] <... openat resumed>) = 3 [pid 8403] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8399] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8399] <... futex resumed>) = 0 [pid 8399] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8403] mkdir("./file2", 0777 [pid 8405] chdir("./file1") = 0 [pid 8402] +++ killed by SIGSEGV +++ [pid 8398] +++ killed by SIGSEGV +++ [pid 8405] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8405] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8405] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8400] <... futex resumed>) = 0 [pid 8400] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8398, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8405] <... futex resumed>) = 0 [pid 8400] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8405] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 208.150394][ T8407] loop0: detected capacity change from 0 to 256 [ 208.156338][ T8404] exFAT-fs (loop4): error, data size is invalid(9000) [ 208.182490][ T8403] exFAT-fs (loop3): error, data size is invalid(9000) [ 208.183287][ T8404] exFAT-fs (loop4): Filesystem has been set read-only [pid 5831] umount2("./225", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8405] <... openat resumed>) = 4 [pid 5831] newfstatat(3, "", [pid 8405] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8405] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8400] <... futex resumed>) = 0 [pid 8400] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8405] <... futex resumed>) = 0 [pid 8405] mkdir("./file2", 0777 [pid 8407] close(3 [pid 8401] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8401] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8400] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] getdents64(3, [pid 8401] <... mmap resumed>) = 0x7f300ac07000 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8401] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5831] umount2("./225/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8401] <... mprotect resumed>) = 0 [pid 8401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} => {parent_tid=[8409]}, 88) = 8409 [pid 8401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8401] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8401] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8409 attached [pid 8409] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8404] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8409] <... rseq resumed>) = 0 [pid 8404] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8407] <... close resumed>) = 0 [pid 8401] <... futex resumed>) = ? [pid 8407] close(4 [pid 8409] +++ killed by SIGSEGV +++ [pid 8407] <... close resumed>) = 0 [pid 8404] +++ killed by SIGSEGV +++ [pid 8401] +++ killed by SIGSEGV +++ [pid 8399] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8407] mkdir("./file1", 0777 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8401, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 8399] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8407] <... mkdir resumed>) = 0 [pid 8399] <... futex resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 8399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] umount2("./225/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8399] <... mmap resumed>) = 0x7f300ac07000 [pid 8399] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8399] <... mprotect resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./225/file1", [pid 8407] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5834] umount2("./222", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8399] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8399] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] umount2("./225/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8405] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5834] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(3, "", [pid 5831] openat(AT_FDCWD, "./225/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8399] <... clone3 resumed> => {parent_tid=[8410]}, 88) = 8410 [pid 5834] getdents64(3, [pid 5831] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8410 attached [pid 5831] newfstatat(4, "", [pid 8400] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8400] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8399] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] umount2("./222/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8400] <... futex resumed>) = 0 [pid 8400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 5831] getdents64(4, [pid 8400] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8400] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8410] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053) = 0 [pid 8410] set_robust_list(0x7f300ac279a0, 24) = 0 [pid 8400] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8410] rt_sigprocmask(SIG_SETMASK, [], [pid 8400] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} => {parent_tid=[8411]}, 88) = 8411 [pid 8400] rt_sigprocmask(SIG_SETMASK, [], [pid 8410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8410] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8400] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8411 attached ) = 0 [pid 5831] getdents64(4, [pid 8399] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8410] <... futex resumed>) = 0 [pid 8403] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8400] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8399] <... futex resumed>) = 1 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8410] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8411] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8410] <... ioctl resumed>) = 0 [pid 8411] <... rseq resumed>) = 0 [pid 8410] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8411] set_robust_list(0x7f300ac279a0, 24 [pid 8410] <... futex resumed>) = 0 [pid 8411] <... set_robust_list resumed>) = 0 [pid 8410] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8411] rt_sigprocmask(SIG_SETMASK, [], [pid 8405] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8403] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8399] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] close(4 [pid 8411] <... rt_sigprocmask resumed> ) = ? [pid 8400] <... futex resumed>) = ? [pid 8399] <... futex resumed>) = ? [pid 5831] <... close resumed>) = 0 [pid 8411] +++ killed by SIGSEGV +++ [ 208.209909][ T8405] exFAT-fs (loop2): error, data size is invalid(9000) [ 208.211773][ T8403] exFAT-fs (loop3): Filesystem has been set read-only [ 208.250140][ T8405] exFAT-fs (loop2): Filesystem has been set read-only [pid 5831] rmdir("./225/file1" [pid 8410] <... futex resumed>) = ? [pid 5831] <... rmdir resumed>) = 0 [pid 8410] +++ killed by SIGSEGV +++ [pid 8403] +++ killed by SIGSEGV +++ [pid 8405] +++ killed by SIGSEGV +++ [pid 8400] +++ killed by SIGSEGV +++ [pid 8399] +++ killed by SIGSEGV +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8400, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8399, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5831] umount2("./225/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... restart_syscall resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./225/binderfs", [pid 5834] <... umount2 resumed>) = 0 [pid 5832] umount2("./218", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./223", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] unlink("./225/binderfs" [pid 5834] umount2("./222/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] <... unlink resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] getdents64(3, [pid 5834] newfstatat(AT_FDCWD, "./222/file1", [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] getdents64(3, [pid 5833] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] umount2("./222/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] newfstatat(3, "", [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./218/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] openat(AT_FDCWD, "./222/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... openat resumed>) = 4 [pid 5833] getdents64(3, [pid 5834] newfstatat(4, "", [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] close(3 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... close resumed>) = 0 [pid 5834] getdents64(4, [pid 5833] umount2("./223/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./225" [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] getdents64(4, [pid 5831] <... rmdir resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4 [pid 5831] mkdir("./226", 0777 [pid 5834] <... close resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5834] rmdir("./222/file1") = 0 [pid 5834] umount2("./222/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./222/binderfs", [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./222/binderfs" [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5834] <... unlink resumed>) = 0 [pid 5832] umount2("./218/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(3) = 0 [pid 5832] newfstatat(AT_FDCWD, "./218/file1", [pid 5834] getdents64(3, [pid 5833] <... umount2 resumed>) = 0 [pid 8407] <... mount resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] umount2("./223/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8407] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8407] chdir("./file1" [pid 5832] umount2("./218/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] close(3 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8412 [pid 5834] <... close resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./223/file1", ./strace-static-x86_64: Process 8412 attached [pid 8407] <... chdir resumed>) = 0 [pid 5834] rmdir("./222" [pid 5832] openat(AT_FDCWD, "./218/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8407] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... openat resumed>) = 4 [pid 5834] <... rmdir resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 8412] set_robust_list(0x55556b85b6a0, 24 [pid 8407] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] mkdir("./223", 0777 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8412] <... set_robust_list resumed>) = 0 [pid 8407] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(4, [pid 8412] chdir("./226" [pid 8407] <... futex resumed>) = 1 [pid 8412] <... chdir resumed>) = 0 [pid 8407] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8412] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8406] <... futex resumed>) = 0 [pid 5834] <... mkdir resumed>) = 0 [pid 5832] getdents64(4, [pid 5833] umount2("./223/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8406] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8412] <... prctl resumed>) = 0 [pid 8406] <... futex resumed>) = 1 [pid 5834] <... openat resumed>) = 3 [pid 5833] openat(AT_FDCWD, "./223/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] close(4 [ 208.315451][ T8407] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8406] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... close resumed>) = 0 [pid 8412] setpgid(0, 0 [pid 8407] <... futex resumed>) = 0 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5833] <... openat resumed>) = 4 [pid 5832] rmdir("./218/file1" [pid 8412] <... setpgid resumed>) = 0 [pid 8412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8407] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8412] <... openat resumed>) = 3 [pid 8407] <... openat resumed>) = 4 [pid 5834] <... ioctl resumed>) = 0 [pid 5833] newfstatat(4, "", [pid 5832] <... rmdir resumed>) = 0 [pid 8412] write(3, "1000", 4) = 4 [pid 8407] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] close(3 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./218/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8412] close(3 [pid 8407] <... futex resumed>) = 1 [pid 8412] <... close resumed>) = 0 [pid 8407] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8406] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 8412] write(1, "executing program\n", 18 [pid 8406] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... close resumed>) = 0 [pid 5833] getdents64(4, [pid 5832] newfstatat(AT_FDCWD, "./218/binderfs", [pid 8412] <... write resumed>) = 18 [pid 8407] <... futex resumed>) = 0 [pid 8406] <... futex resumed>) = 1 [pid 8412] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8407] mkdir("./file2", 0777 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8412] <... futex resumed>) = 0 [pid 8406] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8412] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8412] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8412] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8412] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] getdents64(4, [pid 5832] unlink("./218/binderfs" [pid 8412] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}executing program [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8413 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 8412] <... clone3 resumed> => {parent_tid=[8414]}, 88) = 8414 [pid 8412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8412] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8412] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8413 attached [pid 8413] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8413] chdir("./223") = 0 [pid 8413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8413] setpgid(0, 0) = 0 [pid 8413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8413] write(3, "1000", 4) = 4 [pid 8413] close(3) = 0 [pid 8413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8413] write(1, "executing program\n", 18) = 18 [pid 8413] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8413] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5832] getdents64(3, [pid 5833] close(4 [pid 8413] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8413] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8413] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 8414 attached [pid 8413] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8407] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8414] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8413] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8407] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5833] rmdir("./223/file1" [pid 8414] <... rseq resumed>) = 0 [pid 8413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8415 attached => {parent_tid=[8415]}, 88) = 8415 [pid 8415] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5833] <... rmdir resumed>) = 0 [pid 8414] set_robust_list(0x7f300ac489a0, 24 [pid 8415] <... rseq resumed>) = 0 [pid 8414] <... set_robust_list resumed>) = 0 [pid 8413] rt_sigprocmask(SIG_SETMASK, [], [pid 8415] set_robust_list(0x7f300ac489a0, 24 [pid 8414] rt_sigprocmask(SIG_SETMASK, [], [pid 8413] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8406] <... futex resumed>) = ? [pid 5833] umount2("./223/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(3 [pid 8415] <... set_robust_list resumed>) = 0 [pid 8414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8413] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8407] +++ killed by SIGSEGV +++ [pid 8415] rt_sigprocmask(SIG_SETMASK, [], [pid 8413] <... futex resumed>) = 0 [pid 8415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8413] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8415] memfd_create("syzkaller", 0) = 3 [pid 8414] memfd_create("syzkaller", 0 [pid 8406] +++ killed by SIGSEGV +++ [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./218" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8406, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5833] newfstatat(AT_FDCWD, "./223/binderfs", [pid 8415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8415] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8414] <... memfd_create resumed>) = 3 [pid 5830] umount2("./224", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] <... rmdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8414] <... mmap resumed>) = 0x7f3002800000 [pid 5833] unlink("./223/binderfs" [pid 5832] mkdir("./219", 0777 [pid 5830] <... openat resumed>) = 3 [pid 8415] <... write resumed>) = 131072 [ 208.394116][ T8407] exFAT-fs (loop0): error, data size is invalid(9000) [ 208.411597][ T8407] exFAT-fs (loop0): Filesystem has been set read-only [pid 5830] newfstatat(3, "", [pid 8415] munmap(0x7f3002800000, 138412032 [pid 8414] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] <... unlink resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8415] <... munmap resumed>) = 0 [pid 5830] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./224/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8415] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8414] <... write resumed>) = 131072 [pid 5833] getdents64(3, [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8415] <... openat resumed>) = 4 [pid 8415] ioctl(4, LOOP_SET_FD, 3 [pid 8414] munmap(0x7f3002800000, 138412032 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = 0 [pid 5833] close(3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] <... close resumed>) = 0 [pid 5832] close(3 [pid 8415] <... ioctl resumed>) = 0 [pid 8414] <... munmap resumed>) = 0 [pid 5833] rmdir("./223" [pid 5832] <... close resumed>) = 0 [pid 5830] umount2("./224/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8415] close(3) = 0 [pid 8415] close(4) = 0 [pid 8415] mkdir("./file1", 0777) = 0 ./strace-static-x86_64: Process 8416 attached [pid 8414] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... rmdir resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8416 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8415] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8414] <... openat resumed>) = 4 [pid 5833] mkdir("./224", 0777 [pid 5830] newfstatat(AT_FDCWD, "./224/file1", [pid 8414] ioctl(4, LOOP_SET_FD, 3 [pid 8416] set_robust_list(0x55556b85b6a0, 24 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 5830] umount2("./224/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8416] <... set_robust_list resumed>) = 0 [pid 8416] chdir("./219") = 0 [pid 8416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8416] setpgid(0, 0) = 0 [ 208.475192][ T8415] loop4: detected capacity change from 0 to 256 [ 208.507646][ T8414] loop1: detected capacity change from 0 to 256 executing program [pid 8416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8414] <... ioctl resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8414] close(3) = 0 [pid 5830] openat(AT_FDCWD, "./224/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8414] close(4 [pid 5833] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 4 [pid 8414] <... close resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5830] newfstatat(4, "", [pid 8414] mkdir("./file1", 0777 [pid 5833] <... ioctl resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8414] <... mkdir resumed>) = 0 [pid 5833] close(3 [pid 5830] getdents64(4, [pid 8416] <... openat resumed>) = 3 [pid 8416] write(3, "1000", 4) = 4 [pid 8416] close(3) = 0 [pid 8416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8416] write(1, "executing program\n", 18 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8416] <... write resumed>) = 18 [pid 8416] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8416] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8414] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5833] <... close resumed>) = 0 [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8416] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] close(4 [pid 8416] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... close resumed>) = 0 [pid 8416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] rmdir("./224/file1" [pid 8416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8416] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8417 attached [pid 5830] <... rmdir resumed>) = 0 [pid 8416] <... clone3 resumed> => {parent_tid=[8418]}, 88) = 8418 ./strace-static-x86_64: Process 8418 attached [pid 8416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8416] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] umount2("./224/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8416] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./224/binderfs", [pid 8418] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8417] set_robust_list(0x55556b85b6a0, 24 [pid 8415] <... mount resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8417 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8417] <... set_robust_list resumed>) = 0 [pid 5830] unlink("./224/binderfs" [pid 8418] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8418] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... unlink resumed>) = 0 [pid 8418] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8415] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8417] chdir("./224" [pid 5830] getdents64(3, [pid 8418] memfd_create("syzkaller", 0 [pid 8415] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8415] chdir("./file1" [pid 5830] close(3 [pid 8417] <... chdir resumed>) = 0 [pid 8417] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8415] <... chdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8417] <... prctl resumed>) = 0 [pid 5830] rmdir("./224" [pid 8417] setpgid(0, 0 [pid 8415] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... rmdir resumed>) = 0 [pid 8418] <... memfd_create resumed>) = 3 [pid 8417] <... setpgid resumed>) = 0 [pid 8415] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8415] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8418] <... mmap resumed>) = 0x7f3002800000 [pid 8415] <... futex resumed>) = 1 [pid 8413] <... futex resumed>) = 0 [pid 8418] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8415] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] mkdir("./225", 0777 [ 208.519591][ T8415] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8413] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8413] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8415] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8417] <... openat resumed>) = 3 [pid 8415] <... openat resumed>) = 4 [pid 5830] <... mkdir resumed>) = 0 [pid 8418] <... write resumed>) = 131072 [pid 8415] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8413] <... futex resumed>) = 0 [pid 8413] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8415] mkdir("./file2", 0777 [pid 8413] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8418] munmap(0x7f3002800000, 138412032 [pid 8417] write(3, "1000", 4 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8417] <... write resumed>) = 4 [pid 5830] <... openat resumed>) = 3 [pid 8417] close(3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8418] <... munmap resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 8417] <... close resumed>) = 0 [pid 5830] close(3 [pid 8418] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8418] ioctl(4, LOOP_SET_FD, 3 [pid 8417] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... close resumed>) = 0 executing program [pid 8417] <... symlink resumed>) = 0 [pid 8415] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8417] write(1, "executing program\n", 18 [pid 8418] <... ioctl resumed>) = 0 [pid 8417] <... write resumed>) = 18 [pid 8417] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8418] close(3) = 0 [pid 8418] close(4) = 0 ./strace-static-x86_64: Process 8419 attached [pid 8418] mkdir("./file1", 0777) = 0 [pid 8417] <... futex resumed>) = 0 [pid 8413] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8413] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8417] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8419 [pid 8413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8413] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8413] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8417] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8413] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8417] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8419] set_robust_list(0x55556b85b6a0, 24 [pid 8417] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8418] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8419] <... set_robust_list resumed>) = 0 [pid 8419] chdir("./225" [pid 8413] <... clone3 resumed> => {parent_tid=[8420]}, 88) = 8420 [pid 8413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 8420 attached [pid 8413] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8413] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8419] <... chdir resumed>) = 0 [pid 8419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8419] setpgid(0, 0) = 0 [pid 8419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8420] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8420] <... rseq resumed>) = 0 [pid 8420] set_robust_list(0x7f300ac279a0, 24) = 0 [pid 8420] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8417] <... mmap resumed>) = 0x7f300ac28000 [pid 8420] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080executing program [pid 8417] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8419] <... openat resumed>) = 3 [pid 8419] write(3, "1000", 4) = 4 [pid 8419] close(3) = 0 [pid 8419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8420] <... ioctl resumed>) = 0 [pid 8420] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8413] <... futex resumed>) = 0 [pid 8420] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8419] write(1, "executing program\n", 18) = 18 [pid 8419] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8419] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8419] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8419] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8417] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8414] <... mount resumed>) = 0 [pid 8419] <... mprotect resumed>) = 0 [ 208.573463][ T8415] exFAT-fs (loop4): error, data size is invalid(9000) [ 208.586564][ T8418] loop2: detected capacity change from 0 to 256 [ 208.587282][ T8414] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 208.609494][ T8415] exFAT-fs (loop4): Filesystem has been set read-only [pid 8417] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8414] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8419] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 8421 attached [pid 8414] <... openat resumed>) = 3 [pid 8421] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8417] <... clone3 resumed> => {parent_tid=[8421]}, 88) = 8421 [pid 8414] chdir("./file1" [pid 8421] <... rseq resumed>) = 0 [pid 8421] set_robust_list(0x7f300ac489a0, 24 [pid 8414] <... chdir resumed>) = 0 [pid 8417] rt_sigprocmask(SIG_SETMASK, [], [pid 8421] <... set_robust_list resumed>) = 0 [pid 8419] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8417] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8415] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8414] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8421] rt_sigprocmask(SIG_SETMASK, [], [pid 8417] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8421] memfd_create("syzkaller", 0 [pid 8420] <... futex resumed>) = ? [pid 8419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8417] <... futex resumed>) = 0 [pid 8414] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8421] <... memfd_create resumed>) = 3 [pid 8420] +++ killed by SIGSEGV +++ [pid 8417] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8415] +++ killed by SIGSEGV +++ [pid 8414] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8413] +++ killed by SIGSEGV +++ [pid 8421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8413, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8414] <... futex resumed>) = 1 [pid 8412] <... futex resumed>) = 0 [pid 8414] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8421] <... mmap resumed>) = 0x7f3002800000 [pid 8412] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8422 attached [pid 8421] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8414] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8412] <... futex resumed>) = 0 [pid 8422] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8419] <... clone3 resumed> => {parent_tid=[8422]}, 88) = 8422 [pid 8422] set_robust_list(0x7f300ac489a0, 24 [pid 8419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8412] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8419] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8419] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8422] <... set_robust_list resumed>) = 0 [pid 8422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8422] memfd_create("syzkaller", 0 [pid 8421] <... write resumed>) = 131072 [pid 8414] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8422] <... memfd_create resumed>) = 3 [pid 8422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8422] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 8421] munmap(0x7f3002800000, 138412032 [pid 8414] <... openat resumed>) = 4 [pid 5834] umount2("./223", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8421] <... munmap resumed>) = 0 [pid 8414] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8414] <... futex resumed>) = 1 [pid 8412] <... futex resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8412] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8422] munmap(0x7f3002800000, 138412032 [pid 8412] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8422] <... munmap resumed>) = 0 [pid 8421] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] <... openat resumed>) = 3 [pid 8422] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8421] <... openat resumed>) = 4 [pid 5834] newfstatat(3, "", [pid 8414] mkdir("./file2", 0777 [pid 8422] <... openat resumed>) = 4 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 208.680433][ T8418] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 208.709547][ T8414] exFAT-fs (loop1): error, data size is invalid(9000) [ 208.710299][ T8422] loop0: detected capacity change from 0 to 256 [pid 8422] ioctl(4, LOOP_SET_FD, 3 [pid 8421] ioctl(4, LOOP_SET_FD, 3 [pid 5834] getdents64(3, [pid 8418] <... mount resumed>) = 0 [pid 8418] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8418] chdir("./file1") = 0 [pid 8418] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8418] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8418] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8416] <... futex resumed>) = 0 [pid 8416] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8418] <... futex resumed>) = 0 [pid 8418] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8416] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8421] <... ioctl resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8418] <... openat resumed>) = 4 [pid 5834] umount2("./223/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8418] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8416] <... futex resumed>) = 0 [pid 8416] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8416] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8422] <... ioctl resumed>) = 0 [pid 5834] <... umount2 resumed>) = 0 [pid 8418] mkdir("./file2", 0777 [pid 8421] close(3 [pid 8412] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] umount2("./223/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8412] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] newfstatat(AT_FDCWD, "./223/file1", [pid 8412] <... mmap resumed>) = 0x7f300ac07000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8422] close(3) = 0 [pid 8422] close(4) = 0 [pid 8422] mkdir("./file1", 0777) = 0 [pid 8421] <... close resumed>) = 0 [pid 8412] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5834] umount2("./223/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8421] close(4) = 0 [pid 8412] <... mprotect resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8422] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5834] openat(AT_FDCWD, "./223/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8421] mkdir("./file1", 0777 [pid 8414] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8412] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... openat resumed>) = 4 [pid 8421] <... mkdir resumed>) = 0 [pid 8412] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8414] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] newfstatat(4, "", [pid 8421] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [ 208.731269][ T8421] loop3: detected capacity change from 0 to 256 [ 208.744359][ T8414] exFAT-fs (loop1): Filesystem has been set read-only [ 208.756174][ T8418] exFAT-fs (loop2): error, data size is invalid(9000) [pid 5834] close(4) = 0 [pid 8414] +++ killed by SIGSEGV +++ [pid 8412] +++ killed by SIGSEGV +++ [pid 8416] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8416] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8416] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] rmdir("./223/file1" [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8412, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8416] <... clone3 resumed> => {parent_tid=[8423]}, 88) = 8423 [pid 8416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8416] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 8416] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8423 attached [pid 5834] umount2("./223/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8423] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053) = 0 [pid 8423] set_robust_list(0x7f300ac279a0, 24) = 0 [pid 8423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8423] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8418] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8423] <... ioctl resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... restart_syscall resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./223/binderfs", [pid 8423] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./226", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8423] <... futex resumed>) = 1 [pid 8416] <... futex resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8423] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8418] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8423] <... futex resumed>) = ? [pid 5831] openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8423] +++ killed by SIGSEGV +++ [pid 8418] +++ killed by SIGSEGV +++ [pid 8416] +++ killed by SIGSEGV +++ [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 5834] unlink("./223/binderfs" [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8416, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... unlink resumed>) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5831] getdents64(3, [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [ 208.783365][ T8418] exFAT-fs (loop2): Filesystem has been set read-only [ 208.788926][ T8421] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5831] umount2("./226/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8421] <... mount resumed>) = 0 [pid 5834] getdents64(3, [pid 5831] <... umount2 resumed>) = 0 [pid 8421] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] umount2("./219", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./226/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8421] <... openat resumed>) = 3 [pid 5834] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8421] chdir("./file1" [pid 5834] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] newfstatat(AT_FDCWD, "./226/file1", [pid 8422] <... mount resumed>) = 0 [pid 8421] <... chdir resumed>) = 0 [pid 5834] rmdir("./223" [pid 5832] <... openat resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8422] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8421] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] <... rmdir resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5831] umount2("./226/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8422] <... openat resumed>) = 3 [pid 8421] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] mkdir("./224", 0777 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8422] chdir("./file1" [pid 8421] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... mkdir resumed>) = 0 [pid 5832] getdents64(3, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8422] <... chdir resumed>) = 0 [pid 8421] <... futex resumed>) = 1 [pid 8417] <... futex resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8422] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8421] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8417] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... openat resumed>) = 3 [pid 5832] umount2("./219/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./226/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8422] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8417] <... futex resumed>) = 0 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 8417] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... ioctl resumed>) = 0 [pid 5832] umount2("./219/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(4, "", [pid 8422] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8421] <... openat resumed>) = 4 [pid 5834] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8422] <... futex resumed>) = 1 [pid 8421] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8419] <... futex resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./219/file1", [pid 5831] getdents64(4, [pid 8422] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8421] <... futex resumed>) = 1 [pid 8419] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8417] <... futex resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8421] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8419] <... futex resumed>) = 0 [pid 8417] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] umount2("./219/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(4, ./strace-static-x86_64: Process 8424 attached [pid 8422] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 208.847931][ T8422] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8419] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8417] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8421] mkdir("./file2", 0777 [pid 8417] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] openat(AT_FDCWD, "./219/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] close(4 [pid 8422] <... openat resumed>) = 4 [pid 8424] set_robust_list(0x55556b85b6a0, 24 [pid 8422] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... openat resumed>) = 4 [pid 5831] <... close resumed>) = 0 [pid 8424] <... set_robust_list resumed>) = 0 [pid 8422] <... futex resumed>) = 1 [pid 8419] <... futex resumed>) = 0 [pid 5831] rmdir("./226/file1" [pid 8424] chdir("./224" [pid 8419] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... rmdir resumed>) = 0 [pid 8424] <... chdir resumed>) = 0 [pid 8422] mkdir("./file2", 0777 [pid 8419] <... futex resumed>) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8424 [pid 5832] newfstatat(4, "", [pid 5831] umount2("./226/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8424] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8419] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(4, [pid 5831] newfstatat(AT_FDCWD, "./226/binderfs", [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] getdents64(4, [pid 5831] unlink("./226/binderfs" [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5832] close(4 [pid 5831] getdents64(3, [pid 5832] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] rmdir("./219/file1" [pid 5831] close(3 [pid 8424] <... prctl resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8424] setpgid(0, 0 [pid 5832] umount2("./219/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./226" [pid 8424] <... setpgid resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 8424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] mkdir("./227", 0777 [pid 8424] <... openat resumed>) = 3 [pid 5832] newfstatat(AT_FDCWD, "./219/binderfs", [pid 5831] <... mkdir resumed>) = 0 [pid 8424] write(3, "1000", 4) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8424] close(3executing program [pid 5832] unlink("./219/binderfs" [pid 8424] <... close resumed>) = 0 [pid 8422] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8424] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... openat resumed>) = 3 [pid 8424] <... symlink resumed>) = 0 [pid 8422] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8424] write(1, "executing program\n", 18 [pid 8419] <... futex resumed>) = ? [pid 8424] <... write resumed>) = 18 [pid 8424] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3 [pid 5832] <... unlink resumed>) = 0 [pid 5832] getdents64(3, [pid 8424] <... futex resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8424] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5832] close(3 [pid 8424] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8422] +++ killed by SIGSEGV +++ [pid 8419] +++ killed by SIGSEGV +++ [pid 5832] <... close resumed>) = 0 [pid 8424] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] rmdir("./219" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8419, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] mkdir("./220", 0777 [pid 8424] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] <... mkdir resumed>) = 0 [pid 8424] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8424] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... openat resumed>) = 3 [pid 8424] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8424] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] <... ioctl resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 8425 attached [pid 5832] close(3 [pid 8425] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8424] <... clone3 resumed> => {parent_tid=[8425]}, 88) = 8425 [pid 8425] <... rseq resumed>) = 0 [pid 8424] rt_sigprocmask(SIG_SETMASK, [], [pid 8417] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] <... close resumed>) = 0 [pid 5830] umount2("./225", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8425] set_robust_list(0x7f300ac489a0, 24 [pid 8424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8417] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8426 attached [pid 8425] <... set_robust_list resumed>) = 0 [pid 8424] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8421] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8417] <... futex resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8425] rt_sigprocmask(SIG_SETMASK, [], [pid 8424] <... futex resumed>) = 0 [pid 8421] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8417] read(0, [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8426 [pid 5830] <... openat resumed>) = 3 [pid 8425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8424] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8426] set_robust_list(0x55556b85b6a0, 24 [pid 8425] memfd_create("syzkaller", 0 [pid 5830] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./225/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8421] +++ killed by SIGSEGV +++ [pid 8417] +++ killed by SIGSEGV +++ [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8417, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8426] <... set_robust_list resumed>) = 0 [pid 5833] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 8427 attached [pid 8426] chdir("./227" [pid 8425] <... memfd_create resumed>) = 3 [ 208.906568][ T8421] exFAT-fs (loop3): error, data size is invalid(9000) [ 208.917623][ T8422] exFAT-fs (loop0): error, data size is invalid(9000) [ 208.931674][ T8422] exFAT-fs (loop0): Filesystem has been set read-only [ 208.939428][ T8421] exFAT-fs (loop3): Filesystem has been set read-only [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8427 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5833] umount2("./224", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8426] <... chdir resumed>) = 0 [pid 8425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8427] set_robust_list(0x55556b85b6a0, 24 [pid 8426] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8425] <... mmap resumed>) = 0x7f3002800000 [pid 5833] openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = 0 [pid 8427] <... set_robust_list resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5830] umount2("./225/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] newfstatat(3, "", [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] newfstatat(AT_FDCWD, "./225/file1", [pid 5833] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./225/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] umount2("./224/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./225/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./225/file1") = 0 [pid 8425] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5830] umount2("./225/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8427] chdir("./220" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./225/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8427] <... chdir resumed>) = 0 [pid 8426] <... prctl resumed>) = 0 [pid 8425] <... write resumed>) = 131072 [pid 5833] <... umount2 resumed>) = 0 [pid 5830] unlink("./225/binderfs" [pid 8427] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] umount2("./224/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... unlink resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(3, [pid 5833] newfstatat(AT_FDCWD, "./224/file1", [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] close(3 [pid 8427] <... prctl resumed>) = 0 [pid 8426] setpgid(0, 0 [pid 8425] munmap(0x7f3002800000, 138412032 [pid 5833] umount2("./224/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 8427] setpgid(0, 0 [pid 8426] <... setpgid resumed>) = 0 [pid 8425] <... munmap resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] rmdir("./225" [pid 8427] <... setpgid resumed>) = 0 [pid 8426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8425] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] openat(AT_FDCWD, "./224/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... rmdir resumed>) = 0 [pid 8427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8426] <... openat resumed>) = 3 [pid 8425] <... openat resumed>) = 4 [pid 5833] <... openat resumed>) = 4 [pid 5830] mkdir("./226", 0777 [pid 8427] <... openat resumed>) = 3 [pid 8426] write(3, "1000", 4 [pid 8425] ioctl(4, LOOP_SET_FD, 3 [pid 5833] newfstatat(4, "", [pid 5830] <... mkdir resumed>) = 0 [pid 8426] <... write resumed>) = 4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] getdents64(4, [pid 5830] <... openat resumed>) = 3 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5833] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5833] close(4) = 0 [pid 5830] close(3 [pid 5833] rmdir("./224/file1" [pid 8426] close(3 [pid 5833] <... rmdir resumed>) = 0 [pid 5833] umount2("./224/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./224/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./224/binderfs") = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8427] write(3, "1000", 4 [pid 8426] <... close resumed>) = 0 [pid 5833] close(3 [pid 8427] <... write resumed>) = 4 [pid 8426] symlink("/dev/binderfs", "./binderfs" [pid 5833] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 executing program [pid 5833] rmdir("./224" [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8427] close(3 [pid 8426] <... symlink resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8427] <... close resumed>) = 0 [pid 8426] write(1, "executing program\n", 18 [pid 8425] <... ioctl resumed>) = 0 [pid 8427] symlink("/dev/binderfs", "./binderfs" [pid 8426] <... write resumed>) = 18 [pid 8427] <... symlink resumed>) = 0 [pid 8426] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8425] close(3executing program ./strace-static-x86_64: Process 8428 attached [pid 8426] <... futex resumed>) = 0 [pid 8425] <... close resumed>) = 0 [pid 5833] mkdir("./225", 0777 [pid 8426] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8425] close(4 [pid 8427] write(1, "executing program\n", 18 [pid 8426] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 8427] <... write resumed>) = 18 [pid 8426] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8425] <... close resumed>) = 0 [pid 8427] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8425] mkdir("./file1", 0777 [pid 8427] <... futex resumed>) = 0 [pid 8426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8428] set_robust_list(0x55556b85b6a0, 24 [pid 8426] <... mmap resumed>) = 0x7f300ac28000 [pid 8425] <... mkdir resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8428 [pid 8428] <... set_robust_list resumed>) = 0 [pid 8427] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8426] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8425] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5833] <... openat resumed>) = 3 [pid 8428] chdir("./226" [pid 8427] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8426] <... mprotect resumed>) = 0 [pid 8428] <... chdir resumed>) = 0 [pid 8427] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8426] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8426] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8429 attached [pid 8428] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8427] <... mmap resumed>) = 0x7f300ac28000 [pid 5833] <... ioctl resumed>) = 0 [pid 8429] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8428] <... prctl resumed>) = 0 [pid 8427] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8426] <... clone3 resumed> => {parent_tid=[8429]}, 88) = 8429 [pid 8429] <... rseq resumed>) = 0 [pid 8428] setpgid(0, 0 [pid 8427] <... mprotect resumed>) = 0 [pid 8426] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] close(3 [pid 8429] set_robust_list(0x7f300ac489a0, 24 [pid 8428] <... setpgid resumed>) = 0 [pid 8427] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... close resumed>) = 0 [pid 8429] <... set_robust_list resumed>) = 0 [pid 8428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8426] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8429] rt_sigprocmask(SIG_SETMASK, [], [pid 8428] <... openat resumed>) = 3 [pid 8427] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8426] <... futex resumed>) = 0 [pid 8429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8428] write(3, "1000", 4) = 4 [pid 8427] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8426] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8429] memfd_create("syzkaller", 0 [pid 8428] close(3./strace-static-x86_64: Process 8430 attached [pid 8429] <... memfd_create resumed>) = 3 [pid 8428] <... close resumed>) = 0 [ 209.015853][ T8425] loop4: detected capacity change from 0 to 256 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8430] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8428] symlink("/dev/binderfs", "./binderfs" [pid 8430] <... rseq resumed>) = 0 [pid 8429] <... mmap resumed>) = 0x7f3002800000 [pid 8428] <... symlink resumed>) = 0 [pid 8427] <... clone3 resumed> => {parent_tid=[8430]}, 88) = 8430 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8431 ./strace-static-x86_64: Process 8431 attached [pid 8430] set_robust_list(0x7f300ac489a0, 24 [pid 8429] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8427] rt_sigprocmask(SIG_SETMASK, [], [pid 8430] <... set_robust_list resumed>) = 0 executing program [pid 8430] rt_sigprocmask(SIG_SETMASK, [], [pid 8428] write(1, "executing program\n", 18 [pid 8427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8428] <... write resumed>) = 18 [pid 8428] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8428] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8428] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8430] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8427] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8431] set_robust_list(0x55556b85b6a0, 24 [pid 8427] <... futex resumed>) = 0 [pid 8431] <... set_robust_list resumed>) = 0 [pid 8430] memfd_create("syzkaller", 0 [pid 8429] <... write resumed>) = 131072 [pid 8428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8427] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8431] chdir("./225" [pid 8430] <... memfd_create resumed>) = 3 [pid 8428] <... mmap resumed>) = 0x7f300ac28000 [pid 8428] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8428] <... mprotect resumed>) = 0 [pid 8431] <... chdir resumed>) = 0 [pid 8430] <... mmap resumed>) = 0x7f3002800000 [pid 8429] munmap(0x7f3002800000, 138412032 [pid 8428] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8431] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8430] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8429] <... munmap resumed>) = 0 [pid 8428] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8431] <... prctl resumed>) = 0 [pid 8429] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 8432 attached [pid 8430] <... write resumed>) = 131072 [pid 8428] <... clone3 resumed> => {parent_tid=[8432]}, 88) = 8432 [pid 8429] <... openat resumed>) = 4 [pid 8431] setpgid(0, 0 [pid 8432] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8428] rt_sigprocmask(SIG_SETMASK, [], [pid 8432] <... rseq resumed>) = 0 [pid 8431] <... setpgid resumed>) = 0 [pid 8429] ioctl(4, LOOP_SET_FD, 3 [pid 8428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8432] set_robust_list(0x7f300ac489a0, 24 [pid 8428] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8432] <... set_robust_list resumed>) = 0 [pid 8428] <... futex resumed>) = 0 [pid 8432] rt_sigprocmask(SIG_SETMASK, [], [pid 8428] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8432] memfd_create("syzkaller", 0) = 3 [pid 8432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8432] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 8432] munmap(0x7f3002800000, 138412032) = 0 [pid 8431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8430] munmap(0x7f3002800000, 138412032 [pid 8431] write(3, "1000", 4) = 4 [pid 8430] <... munmap resumed>) = 0 [pid 8431] close(3 [pid 8429] <... ioctl resumed>) = 0 [pid 8432] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8431] <... close resumed>) = 0 [pid 8432] <... openat resumed>) = 4 [pid 8431] symlink("/dev/binderfs", "./binderfs"executing program [pid 8432] ioctl(4, LOOP_SET_FD, 3 [pid 8431] <... symlink resumed>) = 0 [pid 8430] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8431] write(1, "executing program\n", 18 [pid 8429] close(3 [pid 8431] <... write resumed>) = 18 [pid 8431] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8430] <... openat resumed>) = 4 [ 209.083419][ T8425] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 209.121989][ T8429] loop1: detected capacity change from 0 to 256 [pid 8429] <... close resumed>) = 0 [pid 8431] <... futex resumed>) = 0 [pid 8430] ioctl(4, LOOP_SET_FD, 3 [pid 8429] close(4 [pid 8425] <... mount resumed>) = 0 [pid 8431] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8432] <... ioctl resumed>) = 0 [pid 8431] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8429] <... close resumed>) = 0 [pid 8425] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8429] mkdir("./file1", 0777 [pid 8425] <... openat resumed>) = 3 [pid 8431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8429] <... mkdir resumed>) = 0 [pid 8425] chdir("./file1" [pid 8431] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8432] close(3 [pid 8431] <... mprotect resumed>) = 0 [pid 8430] <... ioctl resumed>) = 0 [pid 8429] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8425] <... chdir resumed>) = 0 [pid 8432] <... close resumed>) = 0 [pid 8431] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8430] close(3 [pid 8425] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8431] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8430] <... close resumed>) = 0 [pid 8432] close(4 [pid 8431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8430] close(4 [pid 8425] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8432] <... close resumed>) = 0 ./strace-static-x86_64: Process 8433 attached [pid 8432] mkdir("./file1", 0777 [pid 8430] <... close resumed>) = 0 [pid 8425] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8433] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8432] <... mkdir resumed>) = 0 [pid 8431] <... clone3 resumed> => {parent_tid=[8433]}, 88) = 8433 [pid 8430] mkdir("./file1", 0777 [pid 8425] <... futex resumed>) = 1 [pid 8424] <... futex resumed>) = 0 [pid 8433] <... rseq resumed>) = 0 [pid 8431] rt_sigprocmask(SIG_SETMASK, [], [pid 8430] <... mkdir resumed>) = 0 [pid 8425] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8424] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8433] set_robust_list(0x7f300ac489a0, 24 [pid 8432] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8430] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8424] <... futex resumed>) = 0 [pid 8433] <... set_robust_list resumed>) = 0 [pid 8431] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8425] <... openat resumed>) = 4 [pid 8424] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8433] rt_sigprocmask(SIG_SETMASK, [], [pid 8431] <... futex resumed>) = 0 [pid 8433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8431] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8425] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8424] <... futex resumed>) = 0 [pid 8425] <... futex resumed>) = 1 [pid 8424] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8433] memfd_create("syzkaller", 0 [pid 8425] mkdir("./file2", 0777 [pid 8424] <... futex resumed>) = 0 [pid 8433] <... memfd_create resumed>) = 3 [ 209.142509][ T8432] loop0: detected capacity change from 0 to 256 [ 209.151717][ T8430] loop2: detected capacity change from 0 to 256 [pid 8424] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8433] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 8433] munmap(0x7f3002800000, 138412032) = 0 [ 209.201897][ T8425] exFAT-fs (loop4): error, data size is invalid(9000) [ 209.225424][ T8432] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 209.232868][ T8429] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8433] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8424] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8433] <... openat resumed>) = 4 [pid 8424] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8432] <... mount resumed>) = 0 [pid 8433] ioctl(4, LOOP_SET_FD, 3 [pid 8424] <... futex resumed>) = 0 [pid 8424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8432] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8424] <... mmap resumed>) = 0x7f300ac07000 [pid 8424] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8424] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8424] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8434 attached => {parent_tid=[8434]}, 88) = 8434 [pid 8424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8424] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8424] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8434] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8432] chdir("./file1" [pid 8434] <... rseq resumed>) = 0 [pid 8432] <... chdir resumed>) = 0 [pid 8434] set_robust_list(0x7f300ac279a0, 24 [pid 8432] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8434] <... set_robust_list resumed>) = 0 [pid 8432] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8434] rt_sigprocmask(SIG_SETMASK, [], [pid 8432] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8432] <... futex resumed>) = 1 [pid 8428] <... futex resumed>) = 0 [pid 8434] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8433] <... ioctl resumed>) = 0 [pid 8432] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8428] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8425] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8434] <... ioctl resumed>) = 0 [pid 8433] close(3 [pid 8428] <... futex resumed>) = 0 [pid 8428] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8434] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8424] <... futex resumed>) = 0 [pid 8434] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8433] <... close resumed>) = 0 [pid 8425] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8434] <... futex resumed>) = ? [pid 8433] close(4 [pid 8434] +++ killed by SIGSEGV +++ [pid 8433] <... close resumed>) = 0 [pid 8425] +++ killed by SIGSEGV +++ [pid 8424] +++ killed by SIGSEGV +++ [pid 8433] mkdir("./file1", 0777 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8424, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8433] <... mkdir resumed>) = 0 [pid 8432] <... openat resumed>) = 4 [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 8433] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5834] <... restart_syscall resumed>) = 0 [pid 8430] <... mount resumed>) = 0 [pid 8429] <... mount resumed>) = 0 [pid 8429] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8430] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8429] <... openat resumed>) = 3 [ 209.253513][ T8425] exFAT-fs (loop4): Filesystem has been set read-only [ 209.266871][ T8433] loop3: detected capacity change from 0 to 256 [ 209.290356][ T8430] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5834] umount2("./224", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8430] <... openat resumed>) = 3 [pid 8429] chdir("./file1" [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8432] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8430] chdir("./file1" [pid 8429] <... chdir resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8432] <... futex resumed>) = 1 [pid 8430] <... chdir resumed>) = 0 [pid 8429] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8428] <... futex resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 8432] mkdir("./file2", 0777 [pid 8428] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] newfstatat(3, "", [pid 8430] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8429] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8428] <... futex resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8429] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8430] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8429] <... futex resumed>) = 1 [pid 8428] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8426] <... futex resumed>) = 0 [pid 5834] getdents64(3, [pid 8430] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8429] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8426] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8430] <... futex resumed>) = 1 [pid 8429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8427] <... futex resumed>) = 0 [pid 8426] <... futex resumed>) = 0 [pid 8430] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8429] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8427] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8426] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8430] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8427] <... futex resumed>) = 0 [pid 8433] <... mount resumed>) = 0 [pid 8427] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] umount2("./224/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8433] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8430] <... openat resumed>) = 4 [pid 8429] <... openat resumed>) = 4 [pid 8433] <... openat resumed>) = 3 [pid 8430] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8429] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8433] chdir("./file1" [pid 8427] <... futex resumed>) = 0 [pid 8429] <... futex resumed>) = 1 [pid 8430] <... futex resumed>) = 1 [pid 8433] <... chdir resumed>) = 0 [pid 8427] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8426] <... futex resumed>) = 0 [pid 8429] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8433] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8430] mkdir("./file2", 0777 [pid 8429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8427] <... futex resumed>) = 0 [pid 8426] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8427] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8426] <... futex resumed>) = 0 [pid 8429] mkdir("./file2", 0777 [pid 8426] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... umount2 resumed>) = 0 [ 209.340042][ T8433] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 209.348463][ T8432] exFAT-fs (loop0): error, data size is invalid(9000) [ 209.372692][ T8430] exFAT-fs (loop2): error, data size is invalid(9000) [ 209.381308][ T8429] exFAT-fs (loop1): error, data size is invalid(9000) [pid 8433] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] umount2("./224/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./224/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./224/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./224/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8433] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... openat resumed>) = 4 [pid 5834] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(4, [pid 8429] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8433] <... futex resumed>) = 1 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4) = 0 [pid 5834] rmdir("./224/file1") = 0 [pid 8433] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8431] <... futex resumed>) = 0 [pid 8430] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8429] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8428] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] umount2("./224/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8431] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8428] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8433] <... futex resumed>) = 0 [pid 8431] <... futex resumed>) = 1 [pid 8428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8426] <... futex resumed>) = ? [pid 5834] newfstatat(AT_FDCWD, "./224/binderfs", [pid 8433] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8429] +++ killed by SIGSEGV +++ [pid 8427] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8431] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8428] <... mmap resumed>) = 0x7f300ac07000 [pid 8427] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8426] +++ killed by SIGSEGV +++ [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8428] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8427] <... futex resumed>) = 0 [pid 5834] unlink("./224/binderfs" [pid 8433] <... openat resumed>) = 4 [pid 8428] <... mprotect resumed>) = 0 [pid 5834] <... unlink resumed>) = 0 [pid 8428] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] getdents64(3, [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8426, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=0} --- [pid 8428] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5834] close(3 [pid 5831] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 8435 attached [pid 8433] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] <... close resumed>) = 0 [pid 8435] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8433] <... futex resumed>) = 1 [pid 8431] <... futex resumed>) = 0 [pid 8430] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8428] <... clone3 resumed> => {parent_tid=[8435]}, 88) = 8435 [pid 8427] <... mmap resumed>) = 0x20f3 [pid 5831] <... restart_syscall resumed>) = 0 [pid 8435] <... rseq resumed>) = 0 [pid 8433] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8431] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8428] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] rmdir("./224" [pid 8435] set_robust_list(0x7f300ac279a0, 24 [pid 8433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8431] <... futex resumed>) = 0 [pid 8428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... rmdir resumed>) = 0 [ 209.391231][ T8429] exFAT-fs (loop1): Filesystem has been set read-only [ 209.408693][ T8430] exFAT-fs (loop2): Filesystem has been set read-only [ 209.418810][ T8432] exFAT-fs (loop0): Filesystem has been set read-only [pid 8435] <... set_robust_list resumed>) = 0 [pid 8433] mkdir("./file2", 0777 [pid 8431] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8430] +++ killed by SIGSEGV +++ [pid 8428] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8427] +++ killed by SIGSEGV +++ [pid 5834] mkdir("./225", 0777 [pid 5831] umount2("./227", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8435] rt_sigprocmask(SIG_SETMASK, [], [pid 8428] <... futex resumed>) = 0 [pid 5834] <... mkdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8428] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8427, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] <... openat resumed>) = 3 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... openat resumed>) = 3 [pid 8432] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5831] newfstatat(3, "", [pid 8435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8432] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] <... ioctl resumed>) = 0 [pid 5834] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... close resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] getdents64(3, [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./227/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8436 attached [pid 8428] <... futex resumed>) = ? [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8436 [pid 5832] umount2("./220", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = 0 [pid 8436] set_robust_list(0x55556b85b6a0, 24 [pid 8435] +++ killed by SIGSEGV +++ [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8436] <... set_robust_list resumed>) = 0 [pid 8433] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] <... openat resumed>) = 3 [pid 5831] umount2("./227/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(3, "", [pid 8436] chdir("./225" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8436] <... chdir resumed>) = 0 [pid 8433] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8431] <... futex resumed>) = ? [pid 5832] umount2("./220/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./227/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./227/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8436] setpgid(0, 0 [pid 8433] +++ killed by SIGSEGV +++ [pid 8432] +++ killed by SIGSEGV +++ [pid 8431] +++ killed by SIGSEGV +++ [pid 8428] +++ killed by SIGSEGV +++ [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8436] <... setpgid resumed>) = 0 [pid 8436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] openat(AT_FDCWD, "./227/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8436] <... openat resumed>) = 3 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8431, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5832] <... umount2 resumed>) = 0 [pid 8436] write(3, "1000", 4 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5832] umount2("./220/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 4 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8428, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8436] <... write resumed>) = 4 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8436] close(3 [pid 5832] newfstatat(AT_FDCWD, "./220/file1", [pid 5831] newfstatat(4, "", [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8436] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 8436] symlink("/dev/binderfs", "./binderfs" [pid 5833] umount2("./225", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5832] umount2("./220/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(4, [pid 8436] <... symlink resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8436] write(1, "executing program\n", 18) = 18 [pid 5833] openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8436] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8436] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5832] openat(AT_FDCWD, "./220/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] getdents64(4, [pid 5830] umount2("./226", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8436] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] newfstatat(3, "", [pid 8436] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8436] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] getdents64(3, [pid 5832] <... openat resumed>) = 4 [pid 5831] close(4 [pid 5830] openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] newfstatat(4, "", [pid 5831] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] umount2("./225/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] newfstatat(3, "", [pid 8436] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] getdents64(4, [pid 5831] rmdir("./227/file1" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 209.452260][ T8433] exFAT-fs (loop3): error, data size is invalid(9000) [ 209.462975][ T8433] exFAT-fs (loop3): Filesystem has been set read-only [pid 8436] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] getdents64(3, [pid 8436] <... mprotect resumed>) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 5832] getdents64(4, [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./226/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8436] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] <... umount2 resumed>) = 0 [pid 5831] umount2("./227/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(4) = 0 [pid 5831] newfstatat(AT_FDCWD, "./227/binderfs", [pid 5832] rmdir("./220/file1" [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] unlink("./227/binderfs" [pid 5833] umount2("./225/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... unlink resumed>) = 0 [pid 5830] umount2("./226/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./225/file1", [pid 5832] umount2("./220/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 5830] newfstatat(AT_FDCWD, "./226/file1", [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./225/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./220/binderfs", [pid 5831] close(3 [pid 5830] umount2("./226/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] openat(AT_FDCWD, "./225/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... openat resumed>) = 4 [pid 5832] unlink("./220/binderfs" [pid 5831] rmdir("./227" [pid 5830] openat(AT_FDCWD, "./226/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... unlink resumed>) = 0 [pid 8436] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] newfstatat(4, "", [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(3, [pid 8436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] getdents64(4, [pid 5830] newfstatat(4, "", [pid 5831] mkdir("./228", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3./strace-static-x86_64: Process 8437 attached [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8437] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(4, [pid 8436] <... clone3 resumed> => {parent_tid=[8437]}, 88) = 8437 [pid 5833] close(4 [pid 8437] <... rseq resumed>) = 0 [pid 8437] set_robust_list(0x7f300ac489a0, 24 [pid 8436] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8437] <... set_robust_list resumed>) = 0 [pid 8437] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] close(3 [pid 8437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8437] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./220") = 0 [pid 5833] rmdir("./225/file1" [pid 5832] mkdir("./221", 0777 [pid 5833] <... rmdir resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 8436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] rmdir("./226/file1" [pid 8436] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... rmdir resumed>) = 0 [pid 8436] <... futex resumed>) = 1 [pid 8436] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] umount2("./225/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./226/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./225/binderfs", [pid 5832] <... openat resumed>) = 3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] newfstatat(AT_FDCWD, "./226/binderfs", [pid 8437] <... futex resumed>) = 0 [pid 8437] memfd_create("syzkaller", 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8438 attached [pid 8437] <... memfd_create resumed>) = 3 [pid 8437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8438] set_robust_list(0x55556b85b6a0, 24 [pid 8437] <... mmap resumed>) = 0x7f3002800000 [pid 5833] unlink("./225/binderfs" [pid 5832] <... ioctl resumed>) = 0 [pid 5830] unlink("./226/binderfs" [pid 5832] close(3 [pid 5830] <... unlink resumed>) = 0 [pid 8438] <... set_robust_list resumed>) = 0 [pid 8437] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] <... unlink resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5830] getdents64(3, [pid 5833] getdents64(3, [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 5833] close(3 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./226" [pid 5833] <... close resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5833] rmdir("./225" [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8438 [pid 5830] mkdir("./227", 0777 [pid 8438] chdir("./228" [pid 5833] <... rmdir resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8439 attached [pid 8438] <... chdir resumed>) = 0 [pid 8437] <... write resumed>) = 131072 [pid 5833] mkdir("./226", 0777 [pid 8439] set_robust_list(0x55556b85b6a0, 24 [pid 8438] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8439] <... set_robust_list resumed>) = 0 [pid 8438] <... prctl resumed>) = 0 [pid 8437] munmap(0x7f3002800000, 138412032 [pid 5833] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8439] chdir("./221" [pid 8438] setpgid(0, 0 [pid 5830] <... openat resumed>) = 3 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8439 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8437] <... munmap resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3) = 0 [pid 8439] <... chdir resumed>) = 0 [pid 8438] <... setpgid resumed>) = 0 [pid 8437] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8437] <... openat resumed>) = 4 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8439] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] <... openat resumed>) = 3 [pid 8439] <... prctl resumed>) = 0 [pid 8437] ioctl(4, LOOP_SET_FD, 3 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8439] setpgid(0, 0 [pid 5833] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 8440 attached [pid 8439] <... setpgid resumed>) = 0 [pid 8438] <... openat resumed>) = 3 [pid 5833] close(3 [pid 8438] write(3, "1000", 4 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8440 [pid 8439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8438] <... write resumed>) = 4 [pid 5833] <... close resumed>) = 0 [pid 8438] close(3 [pid 8439] <... openat resumed>) = 3 [pid 8438] <... close resumed>) = 0 [pid 8440] set_robust_list(0x55556b85b6a0, 24 [pid 8439] write(3, "1000", 4 [pid 8438] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8439] <... write resumed>) = 4 [pid 8438] write(1, "executing program\n", 18 [pid 8439] close(3 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8438] <... write resumed>) = 18 [pid 8439] <... close resumed>) = 0 ./strace-static-x86_64: Process 8441 attached [pid 8439] symlink("/dev/binderfs", "./binderfs" [pid 8438] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8440] <... set_robust_list resumed>) = 0 [pid 8441] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8441] chdir("./226" [pid 8439] <... symlink resumed>) = 0 [pid 8438] <... futex resumed>) = 0 [pid 8440] chdir("./227" [pid 8441] <... chdir resumed>) = 0 [pid 8441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8441] setpgid(0, 0 [pid 8440] <... chdir resumed>) = 0 executing program [pid 8439] write(1, "executing program\n", 18 [pid 8438] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8437] <... ioctl resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8441 [pid 8441] <... setpgid resumed>) = 0 [pid 8440] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8439] <... write resumed>) = 18 [pid 8438] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8437] close(3 [pid 8441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8440] <... prctl resumed>) = 0 [pid 8439] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8438] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8437] <... close resumed>) = 0 [pid 8441] <... openat resumed>) = 3 [pid 8440] setpgid(0, 0executing program [pid 8439] <... futex resumed>) = 0 [pid 8438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8437] close(4 [pid 8439] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8440] <... setpgid resumed>) = 0 [pid 8437] <... close resumed>) = 0 [pid 8438] <... mmap resumed>) = 0x7f300ac28000 [pid 8437] mkdir("./file1", 0777 [pid 8441] write(3, "1000", 4 [pid 8440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8437] <... mkdir resumed>) = 0 [pid 8438] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8439] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8441] <... write resumed>) = 4 [pid 8438] <... mprotect resumed>) = 0 [pid 8439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8437] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8441] close(3) = 0 [pid 8440] <... openat resumed>) = 3 [pid 8441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8441] write(1, "executing program\n", 18) = 18 [pid 8439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8438] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8441] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8438] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8441] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8440] write(3, "1000", 4 [pid 8439] <... mmap resumed>) = 0x7f300ac28000 [pid 8438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8440] <... write resumed>) = 4 [pid 8439] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 8442 attached [pid 8440] close(3 [pid 8439] <... mprotect resumed>) = 0 [pid 8438] <... clone3 resumed> => {parent_tid=[8442]}, 88) = 8442 [pid 8440] <... close resumed>) = 0 [pid 8440] symlink("/dev/binderfs", "./binderfs" [pid 8439] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8438] rt_sigprocmask(SIG_SETMASK, [], [pid 8441] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8441] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8441] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8440] <... symlink resumed>) = 0 [pid 8441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8438] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8441] <... mmap resumed>) = 0x7f300ac28000 [pid 8441] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8438] <... futex resumed>) = 0 [pid 8441] <... mprotect resumed>) = 0 [pid 8438] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8439] <... rt_sigprocmask resumed>[], 8) = 0 executing program [pid 8441] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8440] write(1, "executing program\n", 18 [pid 8441] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8444 attached ./strace-static-x86_64: Process 8443 attached [pid 8442] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8440] <... write resumed>) = 18 [pid 8442] <... rseq resumed>) = 0 [pid 8443] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8442] set_robust_list(0x7f300ac489a0, 24 [pid 8441] <... clone3 resumed> => {parent_tid=[8444]}, 88) = 8444 [pid 8440] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8439] <... clone3 resumed> => {parent_tid=[8443]}, 88) = 8443 [pid 8444] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8443] <... rseq resumed>) = 0 [pid 8441] rt_sigprocmask(SIG_SETMASK, [], [pid 8444] <... rseq resumed>) = 0 [pid 8443] set_robust_list(0x7f300ac489a0, 24 [pid 8442] <... set_robust_list resumed>) = 0 [pid 8441] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 209.607243][ T8437] loop4: detected capacity change from 0 to 256 [pid 8440] <... futex resumed>) = 0 [pid 8439] rt_sigprocmask(SIG_SETMASK, [], [pid 8444] set_robust_list(0x7f300ac489a0, 24 [pid 8443] <... set_robust_list resumed>) = 0 [pid 8442] rt_sigprocmask(SIG_SETMASK, [], [pid 8441] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8440] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8444] <... set_robust_list resumed>) = 0 [pid 8443] rt_sigprocmask(SIG_SETMASK, [], [pid 8441] <... futex resumed>) = 0 [pid 8440] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8444] rt_sigprocmask(SIG_SETMASK, [], [pid 8443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8442] memfd_create("syzkaller", 0 [pid 8441] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8440] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8439] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8443] memfd_create("syzkaller", 0 [pid 8444] memfd_create("syzkaller", 0 [pid 8443] <... memfd_create resumed>) = 3 [pid 8444] <... memfd_create resumed>) = 3 [pid 8443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8443] <... mmap resumed>) = 0x7f3002800000 [pid 8444] <... mmap resumed>) = 0x7f3002800000 [pid 8443] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8444] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8443] <... write resumed>) = 131072 [pid 8442] <... memfd_create resumed>) = 3 [pid 8440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8439] <... futex resumed>) = 0 [pid 8444] <... write resumed>) = 131072 [pid 8444] munmap(0x7f3002800000, 138412032) = 0 [pid 8442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8439] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8444] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8443] munmap(0x7f3002800000, 138412032 [pid 8442] <... mmap resumed>) = 0x7f3002800000 [pid 8440] <... mmap resumed>) = 0x7f300ac28000 [pid 8440] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8444] <... openat resumed>) = 4 [pid 8443] <... munmap resumed>) = 0 [pid 8442] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8440] <... mprotect resumed>) = 0 [pid 8444] ioctl(4, LOOP_SET_FD, 3 [ 209.665199][ T8437] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8440] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8442] <... write resumed>) = 131072 [pid 8440] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8442] munmap(0x7f3002800000, 138412032 [pid 8440] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8443] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8442] <... munmap resumed>) = 0 [pid 8443] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8445 attached [pid 8442] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8440] <... clone3 resumed> => {parent_tid=[8445]}, 88) = 8445 [pid 8445] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8440] rt_sigprocmask(SIG_SETMASK, [], [pid 8445] <... rseq resumed>) = 0 [pid 8442] <... openat resumed>) = 4 [pid 8440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8445] set_robust_list(0x7f300ac489a0, 24 [pid 8442] ioctl(4, LOOP_SET_FD, 3 [pid 8445] <... set_robust_list resumed>) = 0 [pid 8440] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8443] ioctl(4, LOOP_SET_FD, 3 [pid 8445] rt_sigprocmask(SIG_SETMASK, [], [pid 8440] <... futex resumed>) = 0 [pid 8437] <... mount resumed>) = 0 [pid 8440] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8437] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8437] <... openat resumed>) = 3 [pid 8445] memfd_create("syzkaller", 0 [pid 8437] chdir("./file1" [pid 8445] <... memfd_create resumed>) = 3 [pid 8437] <... chdir resumed>) = 0 [pid 8445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8437] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8445] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8437] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8437] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8436] <... futex resumed>) = 0 [pid 8437] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8436] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8437] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8436] <... futex resumed>) = 0 [pid 8437] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8436] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8444] <... ioctl resumed>) = 0 [ 209.721468][ T8444] loop3: detected capacity change from 0 to 256 [ 209.735525][ T8442] loop1: detected capacity change from 0 to 256 [ 209.739234][ T8443] loop2: detected capacity change from 0 to 256 [pid 8444] close(3) = 0 [pid 8442] <... ioctl resumed>) = 0 [pid 8437] <... openat resumed>) = 4 [pid 8442] close(3 [pid 8437] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8436] <... futex resumed>) = 0 [pid 8437] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8436] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8437] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8436] <... futex resumed>) = 0 [pid 8437] mkdir("./file2", 0777 [pid 8444] close(4) = 0 [pid 8444] mkdir("./file1", 0777 [pid 8445] <... write resumed>) = 131072 [pid 8444] <... mkdir resumed>) = 0 [pid 8442] <... close resumed>) = 0 [pid 8436] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8444] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8445] munmap(0x7f3002800000, 138412032 [ 209.766261][ T8437] exFAT-fs (loop4): error, data size is invalid(9000) [pid 8442] close(4 [pid 8445] <... munmap resumed>) = 0 [pid 8442] <... close resumed>) = 0 [pid 8443] <... ioctl resumed>) = 0 [pid 8443] close(3) = 0 [pid 8443] close(4) = 0 [pid 8443] mkdir("./file1", 0777) = 0 [pid 8445] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8442] mkdir("./file1", 0777 [pid 8443] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8442] <... mkdir resumed>) = 0 [pid 8445] <... openat resumed>) = 4 [pid 8442] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8445] ioctl(4, LOOP_SET_FD, 3 [pid 8437] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8436] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8436] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8445] <... ioctl resumed>) = 0 [pid 8437] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8436] <... futex resumed>) = 0 [pid 8445] close(3) = 0 [pid 8437] +++ killed by SIGSEGV +++ [pid 8445] close(4 [pid 8436] +++ killed by SIGSEGV +++ [pid 8445] <... close resumed>) = 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8436, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8445] mkdir("./file1", 0777 [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 8445] <... mkdir resumed>) = 0 [ 209.794107][ T8437] exFAT-fs (loop4): Filesystem has been set read-only [ 209.811901][ T8445] loop0: detected capacity change from 0 to 256 [ 209.829297][ T8442] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8445] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8442] <... mount resumed>) = 0 [pid 5834] <... restart_syscall resumed>) = 0 [pid 8442] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8442] chdir("./file1" [ 209.861797][ T8444] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 209.866501][ T8445] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5834] umount2("./225", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8442] <... chdir resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8442] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] <... openat resumed>) = 3 [pid 8442] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] newfstatat(3, "", [pid 8442] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8438] <... futex resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8442] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8438] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] getdents64(3, [pid 8442] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8438] <... futex resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] umount2("./225/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8442] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8438] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8444] <... mount resumed>) = 0 [pid 8442] <... openat resumed>) = 4 [pid 8442] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8438] <... futex resumed>) = 0 [ 209.910208][ T8443] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8445] <... mount resumed>) = 0 [pid 8442] mkdir("./file2", 0777 [pid 8438] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8445] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8438] <... futex resumed>) = 0 [pid 8444] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8438] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8444] <... openat resumed>) = 3 [pid 8444] chdir("./file1" [pid 8445] <... openat resumed>) = 3 [pid 8444] <... chdir resumed>) = 0 [pid 8443] <... mount resumed>) = 0 [pid 8444] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8445] chdir("./file1" [pid 8444] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8443] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] <... umount2 resumed>) = 0 [pid 8444] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8443] <... openat resumed>) = 3 [pid 8444] <... futex resumed>) = 1 [pid 8443] chdir("./file1" [pid 5834] umount2("./225/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8445] <... chdir resumed>) = 0 [pid 8444] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8443] <... chdir resumed>) = 0 [pid 8443] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8443] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8439] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8445] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8439] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8443] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8439] <... futex resumed>) = 0 [pid 8445] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8441] <... futex resumed>) = 0 [pid 8439] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] newfstatat(AT_FDCWD, "./225/file1", [pid 8445] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8441] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8445] <... futex resumed>) = 1 [pid 8444] <... futex resumed>) = 0 [pid 8441] <... futex resumed>) = 1 [pid 8440] <... futex resumed>) = 0 [pid 5834] umount2("./225/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8444] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8441] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8445] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8444] <... openat resumed>) = 4 [pid 8443] <... openat resumed>) = 4 [pid 8440] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8444] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8443] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] openat(AT_FDCWD, "./225/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8444] <... futex resumed>) = 1 [pid 8443] <... futex resumed>) = 1 [pid 8441] <... futex resumed>) = 0 [pid 8440] <... futex resumed>) = 0 [pid 8439] <... futex resumed>) = 0 [pid 8443] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8441] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8445] <... openat resumed>) = 4 [pid 8443] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8442] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8440] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8439] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... openat resumed>) = 4 [pid 8445] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8444] mkdir("./file2", 0777 [pid 8443] mkdir("./file2", 0777 [pid 8439] <... futex resumed>) = 0 [pid 5834] newfstatat(4, "", [pid 8439] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8445] <... futex resumed>) = 1 [pid 8440] <... futex resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 209.962748][ T8442] exFAT-fs (loop1): error, data size is invalid(9000) [ 209.988933][ T8442] exFAT-fs (loop1): Filesystem has been set read-only [pid 8445] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8440] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8440] <... futex resumed>) = 0 [pid 8445] mkdir("./file2", 0777 [pid 5834] getdents64(4, [pid 8442] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8441] <... futex resumed>) = 0 [pid 8440] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8438] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8441] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8438] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] getdents64(4, [pid 8438] <... futex resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8442] +++ killed by SIGSEGV +++ [pid 8438] +++ killed by SIGSEGV +++ [pid 5834] close(4 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8438, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8439] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... close resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 8439] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] rmdir("./225/file1" [pid 8439] <... futex resumed>) = 0 [pid 8439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5831] umount2("./228", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8445] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8439] <... mmap resumed>) = 0x7f300ac07000 [pid 5834] umount2("./225/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 210.008019][ T8445] exFAT-fs (loop0): error, data size is invalid(9000) [ 210.008052][ T8443] exFAT-fs (loop2): error, data size is invalid(9000) [ 210.021959][ T8444] exFAT-fs (loop3): error, data size is invalid(9000) [ 210.025359][ T8445] exFAT-fs (loop0): Filesystem has been set read-only [ 210.036101][ T8444] exFAT-fs (loop3): Filesystem has been set read-only [pid 8445] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8439] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8441] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8439] <... mprotect resumed>) = 0 [pid 5831] getdents64(3, [pid 8441] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] newfstatat(AT_FDCWD, "./225/binderfs", [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8440] <... futex resumed>) = ? [pid 8439] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8441] <... futex resumed>) = 0 [pid 5831] umount2("./228/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8444] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8445] +++ killed by SIGSEGV +++ [pid 8444] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8441] <... mmap resumed>) = 0x7f300ac07000 [pid 8440] +++ killed by SIGSEGV +++ [pid 8439] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] unlink("./225/binderfs" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8440, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8444] +++ killed by SIGSEGV +++ [pid 8439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5834] <... unlink resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8443] <... mkdir resumed>) = -1 EIO (Input/output error) ./strace-static-x86_64: Process 8446 attached [pid 8441] +++ killed by SIGSEGV +++ [pid 5834] getdents64(3, [pid 5830] <... restart_syscall resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8441, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5830] umount2("./227", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8446] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] umount2("./226", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8439] <... clone3 resumed> => {parent_tid=[8446]}, 88) = 8446 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8446] set_robust_list(0x7f300ac279a0, 24) = 0 [pid 8446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8446] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8443] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] close(3 [pid 5833] openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... openat resumed>) = 3 [pid 8446] <... futex resumed>) = ? [pid 5830] newfstatat(3, "", [pid 5833] <... openat resumed>) = 3 [pid 8446] +++ killed by SIGSEGV +++ [pid 8443] +++ killed by SIGSEGV +++ [pid 5833] newfstatat(3, "", [pid 5834] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5833] getdents64(3, [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] rmdir("./225" [pid 5830] umount2("./227/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8439] +++ killed by SIGSEGV +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8439, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5834] <... rmdir resumed>) = 0 [pid 5833] umount2("./226/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] mkdir("./226", 0777) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./228/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./228/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./228/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./228/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", [pid 5834] <... openat resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5831] close(4) = 0 [pid 5831] rmdir("./228/file1") = 0 [pid 5831] umount2("./228/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./228/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./221", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] unlink("./228/binderfs" [pid 5834] <... ioctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... unlink resumed>) = 0 [pid 5834] close(3 [ 210.071780][ T8443] exFAT-fs (loop2): Filesystem has been set read-only [pid 5832] openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] <... umount2 resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5830] <... umount2 resumed>) = 0 [pid 5833] umount2("./226/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] umount2("./227/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8447 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./226/file1", [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] newfstatat(AT_FDCWD, "./227/file1", [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./221/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./226/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./227/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8447 attached [pid 5833] openat(AT_FDCWD, "./226/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] getdents64(3, [pid 8447] set_robust_list(0x55556b85b6a0, 24 [pid 5833] <... openat resumed>) = 4 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] openat(AT_FDCWD, "./227/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] newfstatat(4, "", [pid 5832] umount2("./221/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(3 [pid 5830] <... openat resumed>) = 4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... close resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 5833] getdents64(4, [pid 5832] newfstatat(AT_FDCWD, "./221/file1", [pid 5831] rmdir("./228" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5833] getdents64(4, [pid 5830] getdents64(4, [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] umount2("./221/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] mkdir("./229", 0777 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] close(4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... mkdir resumed>) = 0 [pid 5830] getdents64(4, [pid 5833] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./221/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] rmdir("./226/file1" [pid 5832] <... openat resumed>) = 4 [pid 5831] <... openat resumed>) = 3 [pid 5830] close(4 [pid 5833] <... rmdir resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... close resumed>) = 0 [pid 5833] umount2("./226/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] rmdir("./227/file1" [pid 8447] <... set_robust_list resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8447] chdir("./226" [pid 5832] getdents64(4, [pid 5831] close(3 [pid 5830] <... rmdir resumed>) = 0 [pid 8447] <... chdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] umount2("./227/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8447] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] newfstatat(AT_FDCWD, "./226/binderfs", [pid 5832] getdents64(4, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8447] <... prctl resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] newfstatat(AT_FDCWD, "./227/binderfs", [pid 8447] setpgid(0, 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] close(4 [pid 8447] <... setpgid resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] unlink("./226/binderfs" [pid 5832] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] unlink("./227/binderfs"./strace-static-x86_64: Process 8448 attached [pid 8447] <... openat resumed>) = 3 [pid 5833] <... unlink resumed>) = 0 [pid 5832] rmdir("./221/file1" [pid 5830] <... unlink resumed>) = 0 [pid 8448] set_robust_list(0x55556b85b6a0, 24 [pid 8447] write(3, "1000", 4 [pid 5833] getdents64(3, [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8448 [pid 5830] getdents64(3, [pid 8447] <... write resumed>) = 4 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] umount2("./221/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8448] <... set_robust_list resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(3 [pid 8448] chdir("./229" [pid 8447] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] close(3 [pid 8448] <... chdir resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 8448] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] rmdir("./226" [pid 8448] <... prctl resumed>) = 0 [pid 8447] <... close resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./221/binderfs", [pid 5830] <... close resumed>) = 0 [pid 8447] symlink("/dev/binderfs", "./binderfs" [pid 5833] <... rmdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] rmdir("./227" [pid 8448] setpgid(0, 0 [pid 8447] <... symlink resumed>) = 0 [pid 5833] mkdir("./227", 0777 [pid 5832] unlink("./221/binderfs" [pid 5830] <... rmdir resumed>) = 0 [pid 8448] <... setpgid resumed>) = 0 [pid 8447] write(1, "executing program\n", 18executing program [pid 5832] <... unlink resumed>) = 0 [pid 5830] mkdir("./228", 0777 [pid 8448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8447] <... write resumed>) = 18 [pid 5833] <... mkdir resumed>) = 0 [pid 8448] <... openat resumed>) = 3 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] getdents64(3, [pid 5830] <... mkdir resumed>) = 0 [pid 8448] write(3, "1000", 4 [pid 8447] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8448] <... write resumed>) = 4 [pid 8447] <... futex resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5832] close(3 [pid 8448] close(3 [pid 8447] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] <... ioctl resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 8448] <... close resumed>) = 0 [pid 5833] close(3 [pid 5832] rmdir("./221" [pid 8448] symlink("/dev/binderfs", "./binderfs" [pid 8447] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8448] <... symlink resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... openat resumed>) = 3 [pid 8447] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] mkdir("./222", 0777 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 8447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] close(3./strace-static-x86_64: Process 8449 attached [pid 8448] write(1, "executing program\n", 18 [pid 8447] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] <... close resumed>) = 0 executing program [pid 8449] set_robust_list(0x55556b85b6a0, 24 [pid 8448] <... write resumed>) = 18 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8449 [pid 8448] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8447] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5832] <... openat resumed>) = 3 [pid 8448] <... futex resumed>) = 0 [pid 8447] <... mprotect resumed>) = 0 [pid 8449] <... set_robust_list resumed>) = 0 [pid 8448] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8447] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8449] chdir("./227" [pid 8448] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8447] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8449] <... chdir resumed>) = 0 [pid 8448] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 8450 attached NULL, 8) = 0 [pid 8447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] close(3 [pid 8448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 8451 attached [pid 8449] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8448] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] <... close resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8450 [pid 8451] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8449] <... prctl resumed>) = 0 [pid 8448] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8451] <... rseq resumed>) = 0 [pid 8451] set_robust_list(0x7f300ac489a0, 24 [pid 8450] set_robust_list(0x55556b85b6a0, 24 [pid 8449] setpgid(0, 0 [pid 8448] <... mprotect resumed>) = 0 [pid 8451] <... set_robust_list resumed>) = 0 [pid 8449] <... setpgid resumed>) = 0 [pid 8448] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8450] <... set_robust_list resumed>) = 0 [pid 8449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8447] <... clone3 resumed> => {parent_tid=[8451]}, 88) = 8451 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8448] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8451] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8449] <... openat resumed>) = 3 [pid 8448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8450] chdir("./228" [pid 8447] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8452 attached [pid 8450] <... chdir resumed>) = 0 [pid 8447] <... futex resumed>) = 1 [pid 8452] set_robust_list(0x55556b85b6a0, 24 [pid 8451] <... futex resumed>) = 0 [pid 8450] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8447] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8450] <... prctl resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8452 [pid 8451] memfd_create("syzkaller", 0 [pid 8450] setpgid(0, 0) = 0 [pid 8452] <... set_robust_list resumed>) = 0 [pid 8450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 8453 attached [pid 8452] chdir("./222" [pid 8451] <... memfd_create resumed>) = 3 [pid 8450] <... openat resumed>) = 3 [pid 8449] write(3, "1000", 4 [pid 8448] <... clone3 resumed> => {parent_tid=[8453]}, 88) = 8453 [pid 8453] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8452] <... chdir resumed>) = 0 [pid 8451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8450] write(3, "1000", 4 [pid 8449] <... write resumed>) = 4 [pid 8448] rt_sigprocmask(SIG_SETMASK, [], [pid 8453] <... rseq resumed>) = 0 [pid 8452] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8450] <... write resumed>) = 4 [pid 8449] close(3 [pid 8448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8452] <... prctl resumed>) = 0 [pid 8450] close(3 [pid 8452] setpgid(0, 0 [pid 8450] <... close resumed>) = 0 [pid 8449] <... close resumed>) = 0 [pid 8448] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8452] <... setpgid resumed>) = 0 [pid 8451] <... mmap resumed>) = 0x7f3002800000 [pid 8450] symlink("/dev/binderfs", "./binderfs" [pid 8449] symlink("/dev/binderfs", "./binderfs" [pid 8448] <... futex resumed>) = 0 [pid 8453] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8450] <... symlink resumed>) = 0 [pid 8448] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8452] <... openat resumed>) = 3 [pid 8453] rt_sigprocmask(SIG_SETMASK, [], [pid 8451] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 executing program [pid 8452] write(3, "1000", 4 [pid 8450] write(1, "executing program\n", 18 [pid 8449] <... symlink resumed>) = 0 executing program [pid 8453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8452] <... write resumed>) = 4 [pid 8450] <... write resumed>) = 18 [pid 8453] memfd_create("syzkaller", 0 [pid 8452] close(3 [pid 8450] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8449] write(1, "executing program\n", 18 [pid 8450] <... futex resumed>) = 0 [pid 8452] <... close resumed>) = 0 [pid 8450] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8452] symlink("/dev/binderfs", "./binderfs" [pid 8450] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8450] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8450] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8452] <... symlink resumed>) = 0 [pid 8450] <... mprotect resumed>) = 0 [pid 8450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8454 attached [pid 8452] write(1, "executing program\n", 18) = 18 [pid 8450] <... clone3 resumed> => {parent_tid=[8454]}, 88) = 8454 [pid 8452] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8450] rt_sigprocmask(SIG_SETMASK, [], [pid 8452] <... futex resumed>) = 0 [pid 8450] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8452] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8450] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8454] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8452] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8450] <... futex resumed>) = 0 [pid 8454] <... rseq resumed>) = 0 [pid 8452] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8450] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8452] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8454] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8454] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8452] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8454] memfd_create("syzkaller", 0 [pid 8452] <... mprotect resumed>) = 0 [pid 8454] <... memfd_create resumed>) = 3 [pid 8452] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 executing program [pid 8452] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8452] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8455 attached [pid 8453] <... memfd_create resumed>) = 3 [pid 8451] <... write resumed>) = 131072 [pid 8449] <... write resumed>) = 18 [pid 8455] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8454] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8452] <... clone3 resumed> => {parent_tid=[8455]}, 88) = 8455 [pid 8455] <... rseq resumed>) = 0 [pid 8452] rt_sigprocmask(SIG_SETMASK, [], [pid 8455] set_robust_list(0x7f300ac489a0, 24 [pid 8452] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8452] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8455] <... set_robust_list resumed>) = 0 [pid 8452] <... futex resumed>) = 0 [pid 8455] rt_sigprocmask(SIG_SETMASK, [], [pid 8454] <... write resumed>) = 131072 [pid 8452] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8455] memfd_create("syzkaller", 0 [pid 8454] munmap(0x7f3002800000, 138412032 [pid 8453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8451] munmap(0x7f3002800000, 138412032 [pid 8449] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8455] <... memfd_create resumed>) = 3 [pid 8451] <... munmap resumed>) = 0 [pid 8449] <... futex resumed>) = 0 [pid 8455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8454] <... munmap resumed>) = 0 [pid 8453] <... mmap resumed>) = 0x7f3002800000 [pid 8451] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8449] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8455] <... mmap resumed>) = 0x7f3002800000 [pid 8451] <... openat resumed>) = 4 [pid 8449] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8455] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8454] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8453] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8451] ioctl(4, LOOP_SET_FD, 3 [pid 8449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8454] <... openat resumed>) = 4 [pid 8449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8454] ioctl(4, LOOP_SET_FD, 3 [pid 8449] <... mmap resumed>) = 0x7f300ac28000 [pid 8455] <... write resumed>) = 131072 [pid 8453] <... write resumed>) = 131072 [pid 8449] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8453] munmap(0x7f3002800000, 138412032 [pid 8449] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8449] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8456 attached [pid 8455] munmap(0x7f3002800000, 138412032 [pid 8456] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8455] <... munmap resumed>) = 0 [pid 8453] <... munmap resumed>) = 0 [pid 8449] <... clone3 resumed> => {parent_tid=[8456]}, 88) = 8456 [pid 8456] <... rseq resumed>) = 0 [pid 8453] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8451] <... ioctl resumed>) = 0 [pid 8449] rt_sigprocmask(SIG_SETMASK, [], [pid 8455] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8456] set_robust_list(0x7f300ac489a0, 24 [pid 8453] <... openat resumed>) = 4 [pid 8451] close(3 [pid 8449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8456] <... set_robust_list resumed>) = 0 [pid 8455] <... openat resumed>) = 4 [pid 8453] ioctl(4, LOOP_SET_FD, 3 [pid 8451] <... close resumed>) = 0 [pid 8449] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8456] rt_sigprocmask(SIG_SETMASK, [], [pid 8455] ioctl(4, LOOP_SET_FD, 3 [pid 8456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8454] <... ioctl resumed>) = 0 [pid 8453] <... ioctl resumed>) = 0 [pid 8451] close(4 [pid 8449] <... futex resumed>) = 0 [pid 8456] memfd_create("syzkaller", 0 [pid 8453] close(3 [pid 8451] <... close resumed>) = 0 [pid 8449] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8456] <... memfd_create resumed>) = 3 [pid 8453] <... close resumed>) = 0 [pid 8451] mkdir("./file1", 0777 [pid 8456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8453] close(4 [pid 8451] <... mkdir resumed>) = 0 [pid 8453] <... close resumed>) = 0 [pid 8451] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8454] close(3 [pid 8453] mkdir("./file1", 0777 [pid 8454] <... close resumed>) = 0 [pid 8454] close(4) = 0 [pid 8454] mkdir("./file1", 0777) = 0 [pid 8453] <... mkdir resumed>) = 0 [ 210.305937][ T8451] loop4: detected capacity change from 0 to 256 [ 210.309005][ T8454] loop0: detected capacity change from 0 to 256 [ 210.323722][ T8453] loop1: detected capacity change from 0 to 256 [ 210.325816][ T8455] loop2: detected capacity change from 0 to 256 [pid 8453] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8456] <... mmap resumed>) = 0x7f3002800000 [pid 8454] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8456] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8455] <... ioctl resumed>) = 0 [pid 8456] <... write resumed>) = 131072 [pid 8455] close(3) = 0 [pid 8455] close(4) = 0 [pid 8455] mkdir("./file1", 0777) = 0 [pid 8455] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8456] munmap(0x7f3002800000, 138412032) = 0 [pid 8456] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 210.369478][ T8451] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 210.402159][ T8454] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8456] ioctl(4, LOOP_SET_FD, 3 [pid 8451] <... mount resumed>) = 0 [pid 8456] <... ioctl resumed>) = 0 [pid 8451] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8456] close(3 [pid 8451] chdir("./file1" [pid 8456] <... close resumed>) = 0 [pid 8451] <... chdir resumed>) = 0 [pid 8451] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8456] close(4) = 0 [pid 8451] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 210.422696][ T8453] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 210.435273][ T8456] loop3: detected capacity change from 0 to 256 [pid 8456] mkdir("./file1", 0777 [pid 8453] <... mount resumed>) = 0 [pid 8451] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8456] <... mkdir resumed>) = 0 [pid 8451] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8453] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8447] <... futex resumed>) = 0 [pid 8456] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8454] <... mount resumed>) = 0 [pid 8453] <... openat resumed>) = 3 [pid 8451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8447] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8453] chdir("./file1" [pid 8451] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8447] <... futex resumed>) = 0 [pid 8453] <... chdir resumed>) = 0 [pid 8454] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8453] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8447] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8454] chdir("./file1") = 0 [pid 8453] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8454] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8453] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8454] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8453] <... futex resumed>) = 1 [pid 8454] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8453] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8454] <... futex resumed>) = 1 [pid 8451] <... openat resumed>) = 4 [pid 8448] <... futex resumed>) = 0 [pid 8451] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8448] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8451] <... futex resumed>) = 1 [pid 8447] <... futex resumed>) = 0 [pid 8448] <... futex resumed>) = 1 [pid 8453] <... futex resumed>) = 0 [pid 8453] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8451] mkdir("./file2", 0777 [pid 8448] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8447] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8454] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8453] <... openat resumed>) = 4 [pid 8450] <... futex resumed>) = 0 [pid 8447] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8450] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 210.471384][ T8455] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 210.497911][ T8451] exFAT-fs (loop4): error, data size is invalid(9000) [pid 8453] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8454] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8453] <... futex resumed>) = 1 [pid 8450] <... futex resumed>) = 0 [pid 8448] <... futex resumed>) = 0 [pid 8450] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8448] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8453] mkdir("./file2", 0777 [pid 8448] <... futex resumed>) = 0 [pid 8448] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8455] <... mount resumed>) = 0 [pid 8455] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8455] chdir("./file1") = 0 [pid 8455] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8455] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8455] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8452] <... futex resumed>) = 0 [pid 8452] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8455] <... futex resumed>) = 0 [pid 8454] <... openat resumed>) = 4 [pid 8454] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8455] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8454] <... futex resumed>) = 1 [pid 8450] <... futex resumed>) = 0 [pid 8454] mkdir("./file2", 0777 [pid 8452] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8450] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8447] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 210.514237][ T8456] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 210.528830][ T8453] exFAT-fs (loop1): error, data size is invalid(9000) [ 210.535665][ T8453] exFAT-fs (loop1): Filesystem has been set read-only [ 210.558829][ T8451] exFAT-fs (loop4): Filesystem has been set read-only [pid 8453] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8450] <... futex resumed>) = 0 [pid 8448] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8447] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8453] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8448] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8447] <... futex resumed>) = 0 [pid 8456] <... mount resumed>) = 0 [pid 8455] <... openat resumed>) = 4 [pid 8451] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8450] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8448] <... futex resumed>) = ? [pid 8447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8453] +++ killed by SIGSEGV +++ [pid 8451] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8448] +++ killed by SIGSEGV +++ [pid 8447] <... mmap resumed>) = 0x7f300ac07000 [pid 8447] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8455] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8447] <... mprotect resumed>) = ? [pid 8455] <... futex resumed>) = 1 [pid 8451] +++ killed by SIGSEGV +++ [pid 8447] +++ killed by SIGSEGV +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8448, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8456] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8455] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8447, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8456] <... openat resumed>) = 3 [pid 8452] <... futex resumed>) = 0 [pid 8456] chdir("./file1" [pid 8452] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8455] <... futex resumed>) = 0 [pid 8452] <... futex resumed>) = 1 [pid 5834] umount2("./226", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8455] mkdir("./file2", 0777 [pid 8452] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 210.580447][ T8454] exFAT-fs (loop0): error, data size is invalid(9000) [ 210.587279][ T8454] exFAT-fs (loop0): Filesystem has been set read-only [pid 8456] <... chdir resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... restart_syscall resumed>) = 0 [pid 8456] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8456] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] umount2("./229", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... openat resumed>) = 3 [pid 8456] <... futex resumed>) = 1 [pid 8449] <... futex resumed>) = 0 [pid 5834] newfstatat(3, "", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8456] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8450] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8449] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8449] <... futex resumed>) = 0 [pid 5834] getdents64(3, [pid 8449] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8456] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8450] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] newfstatat(3, "", [pid 5834] umount2("./226/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8450] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] getdents64(3, [pid 8450] <... mmap resumed>) = 0x7f300ac07000 [pid 5834] umount2("./226/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8450] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./229/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] newfstatat(AT_FDCWD, "./226/file1", [pid 8450] <... mprotect resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8450] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] umount2("./226/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8450] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8457 attached [pid 8456] <... openat resumed>) = 4 [pid 8452] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = 0 [pid 8457] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 5834] openat(AT_FDCWD, "./226/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] umount2("./229/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8457] <... rseq resumed>) = 0 [pid 8456] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8452] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8450] <... clone3 resumed> => {parent_tid=[8457]}, 88) = 8457 [pid 5834] <... openat resumed>) = 4 [pid 8457] set_robust_list(0x7f300ac279a0, 24 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(4, "", [pid 8457] <... set_robust_list resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./229/file1", [pid 8457] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8457] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 210.620822][ T8455] exFAT-fs (loop2): error, data size is invalid(9000) [pid 5834] getdents64(4, [pid 5831] umount2("./229/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8456] <... futex resumed>) = 1 [pid 8452] <... futex resumed>) = 0 [pid 8450] rt_sigprocmask(SIG_SETMASK, [], [pid 8449] <... futex resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8456] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8450] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] openat(AT_FDCWD, "./229/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8455] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8454] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8452] <... mmap resumed>) = 0x7f300ac07000 [pid 8450] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8449] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8456] mkdir("./file2", 0777 [pid 8455] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8454] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8452] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8450] <... futex resumed>) = 1 [pid 8449] <... futex resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 8449] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8457] <... futex resumed>) = 0 [pid 5831] close(4 [pid 8457] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5831] <... close resumed>) = 0 [pid 5834] getdents64(4, [pid 5831] rmdir("./229/file1" [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 8457] <... ioctl resumed>) = 0 [pid 5834] close(4 [pid 5831] umount2("./229/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8457] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8457] <... futex resumed>) = 0 [pid 5834] rmdir("./226/file1" [pid 5831] newfstatat(AT_FDCWD, "./229/binderfs", [pid 8457] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8452] <... mprotect resumed>) = 0 [pid 8450] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... rmdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8452] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] unlink("./229/binderfs" [pid 8452] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 8452] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5831] getdents64(3, [pid 8452] <... clone3 resumed> => {parent_tid=[8458]}, 88) = 8458 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8458 attached [pid 8452] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] umount2("./226/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8452] <... rt_sigprocmask resumed> ) = ? [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(3 [pid 8458] +++ killed by SIGSEGV +++ [pid 5834] newfstatat(AT_FDCWD, "./226/binderfs", [pid 5831] <... close resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] rmdir("./229" [pid 8457] <... futex resumed>) = ? [pid 8455] +++ killed by SIGSEGV +++ [pid 8456] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8452] +++ killed by SIGSEGV +++ [pid 5834] unlink("./226/binderfs" [pid 5831] <... rmdir resumed>) = 0 [pid 8457] +++ killed by SIGSEGV +++ [pid 8456] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8454] +++ killed by SIGSEGV +++ [pid 8450] +++ killed by SIGSEGV +++ [pid 5834] <... unlink resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8452, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] mkdir("./230", 0777 [pid 8449] <... futex resumed>) = ? [pid 5834] getdents64(3, [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... mkdir resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8450, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8456] +++ killed by SIGSEGV +++ [pid 8449] +++ killed by SIGSEGV +++ [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8449, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] umount2("./222", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./228", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] rmdir("./226" [pid 5832] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5834] <... rmdir resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5830] openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] mkdir("./227", 0777 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5834] <... mkdir resumed>) = 0 [pid 5832] getdents64(3, [pid 5830] <... openat resumed>) = 3 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] newfstatat(3, "", [pid 5834] <... openat resumed>) = 3 [pid 5832] umount2("./222/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] close(3 [ 210.673935][ T8455] exFAT-fs (loop2): Filesystem has been set read-only [ 210.699463][ T8456] exFAT-fs (loop3): error, data size is invalid(9000) [ 210.706644][ T8456] exFAT-fs (loop3): Filesystem has been set read-only [pid 5830] getdents64(3, [pid 5831] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./227", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] umount2("./228/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8459 attached ) = 3 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5833] newfstatat(3, "", [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8459 [pid 5834] <... ioctl resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8459] set_robust_list(0x55556b85b6a0, 24 [pid 5834] close(3 [pid 5833] getdents64(3, [pid 8459] <... set_robust_list resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8459] chdir("./230" [pid 5833] umount2("./227/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8459] <... chdir resumed>) = 0 [pid 8459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8459] setpgid(0, 0) = 0 [pid 8459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8459] write(3, "1000", 4) = 4 [pid 8459] close(3) = 0 [pid 8459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5834] <... close resumed>) = 0 executing program [pid 8459] write(1, "executing program\n", 18 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8459] <... write resumed>) = 18 [pid 8459] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 8459] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 ./strace-static-x86_64: Process 8460 attached [pid 5830] umount2("./228/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./227/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./227/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./227/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./228/file1", [pid 8460] set_robust_list(0x55556b85b6a0, 24 [pid 5833] openat(AT_FDCWD, "./227/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8460] <... set_robust_list resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8460 [pid 5832] umount2("./222/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8460] chdir("./227" [pid 5833] <... openat resumed>) = 4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./228/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8460] <... chdir resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./222/file1", [pid 8460] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8460] <... prctl resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] openat(AT_FDCWD, "./228/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8460] setpgid(0, 0 [pid 5832] umount2("./222/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8460] <... setpgid resumed>) = 0 [pid 8459] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] newfstatat(4, "", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 4 [pid 5832] openat(AT_FDCWD, "./222/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] newfstatat(4, "", [pid 8460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8459] <... mprotect resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8460] <... openat resumed>) = 3 [pid 8459] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] getdents64(4, [pid 5830] getdents64(4, [pid 8460] write(3, "1000", 4 [pid 8459] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] newfstatat(4, "", [pid 8460] <... write resumed>) = 4 [pid 8459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] getdents64(4, [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 8461 attached [pid 8460] close(3 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 8461] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8460] <... close resumed>) = 0 [pid 8459] <... clone3 resumed> => {parent_tid=[8461]}, 88) = 8461 [pid 5833] close(4 [pid 5832] getdents64(4, [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8461] <... rseq resumed>) = 0 [pid 8459] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8461] set_robust_list(0x7f300ac489a0, 24 [pid 8459] <... futex resumed>) = 0 [pid 8461] <... set_robust_list resumed>) = 0 [pid 8459] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8461] memfd_create("syzkaller", 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] close(4 [pid 8461] <... memfd_create resumed>) = 3 [pid 5832] getdents64(4, [pid 5830] <... close resumed>) = 0 [pid 8461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./227/file1" [pid 8461] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8460] symlink("/dev/binderfs", "./binderfs" [pid 5833] <... rmdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] rmdir("./228/file1" [pid 5833] umount2("./227/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8461] <... write resumed>) = 131072 [pid 8460] <... symlink resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(4 [pid 5830] <... rmdir resumed>) = 0 [pid 8461] munmap(0x7f3002800000, 138412032 [pid 5833] newfstatat(AT_FDCWD, "./227/binderfs", [pid 5832] <... close resumed>) = 0 [pid 5830] umount2("./228/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8461] <... munmap resumed>) = 0 [pid 8460] write(1, "executing program\n", 18 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] rmdir("./222/file1" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 8461] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] unlink("./227/binderfs" [pid 5830] newfstatat(AT_FDCWD, "./228/binderfs", [pid 8461] <... openat resumed>) = 4 [pid 8460] <... write resumed>) = 18 [pid 5833] <... unlink resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 8461] ioctl(4, LOOP_SET_FD, 3 [pid 5833] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8460] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./222/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] unlink("./228/binderfs" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8461] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8461] ioctl(4, LOOP_CLR_FD [pid 8460] <... futex resumed>) = 0 [pid 5833] close(3 [pid 5832] newfstatat(AT_FDCWD, "./222/binderfs", [pid 5830] <... unlink resumed>) = 0 [pid 8461] <... ioctl resumed>) = 0 [pid 8460] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] getdents64(3, [pid 5833] rmdir("./227" [pid 5832] unlink("./222/binderfs" [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8460] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5830] close(3 [pid 8461] ioctl(4, LOOP_SET_FD, 3 [pid 8460] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] mkdir("./228", 0777 [pid 5830] <... close resumed>) = 0 [pid 8461] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... mkdir resumed>) = 0 [pid 8461] close(4 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8461] <... close resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 8461] close(3 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8461] <... close resumed>) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 5833] close(3 [pid 8460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... close resumed>) = 0 [pid 5832] getdents64(3, [pid 5830] rmdir("./228" [pid 8460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8460] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] close(3 [pid 5830] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 8462 attached [pid 8461] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8460] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8462 [pid 8462] set_robust_list(0x55556b85b6a0, 24 [pid 8461] <... futex resumed>) = 1 [pid 8459] <... futex resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5830] mkdir("./229", 0777 [pid 8462] <... set_robust_list resumed>) = 0 [pid 8461] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8460] <... mprotect resumed>) = 0 [pid 8459] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] rmdir("./222" [pid 8459] <... futex resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 8459] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8460] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8462] chdir("./228" [pid 8461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] <... rmdir resumed>) = 0 [pid 8460] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8462] <... chdir resumed>) = 0 [pid 8461] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8463 attached [pid 8462] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8461] <... openat resumed>) = 3 [pid 8460] <... clone3 resumed> => {parent_tid=[8463]}, 88) = 8463 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8462] <... prctl resumed>) = 0 [pid 8461] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8462] setpgid(0, 0) = 0 [pid 8461] <... futex resumed>) = 1 [pid 8459] <... futex resumed>) = 0 [pid 8462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8459] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8462] <... openat resumed>) = 3 [pid 8461] mkdir("./file2", 0777 [pid 8459] <... futex resumed>) = 0 [pid 8462] write(3, "1000", 4 [pid 8461] <... mkdir resumed>) = 0 [pid 8460] rt_sigprocmask(SIG_SETMASK, [], [pid 8459] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8463] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8462] <... write resumed>) = 4 [pid 8461] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8459] <... futex resumed>) = ? [pid 8462] close(3) = 0 [pid 8462] symlink("/dev/binderfs", "./binderfs" [pid 8463] <... rseq resumed>) = 0 [pid 8462] <... symlink resumed>) = 0 [pid 8460] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] mkdir("./223", 0777 [pid 5830] ioctl(3, LOOP_CLR_FDexecuting program [pid 8462] write(1, "executing program\n", 18) = 18 [pid 8462] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8460] <... futex resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 8463] set_robust_list(0x7f300ac489a0, 24 [pid 5830] <... ioctl resumed>) = 0 [pid 8463] <... set_robust_list resumed>) = 0 [pid 8462] <... futex resumed>) = 0 [pid 8460] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] close(3 [pid 8463] rt_sigprocmask(SIG_SETMASK, [], [pid 8462] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8461] +++ killed by SIGSEGV +++ [pid 8459] +++ killed by SIGSEGV +++ [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8463] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8462] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] <... close resumed>) = 0 [pid 8463] memfd_create("syzkaller", 0 [pid 8462] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] <... openat resumed>) = 3 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8459, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 8462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8463] <... memfd_create resumed>) = 3 [pid 8462] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8462] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5832] <... ioctl resumed>) = 0 [pid 8462] <... mprotect resumed>) = 0 [pid 8462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 8464 attached [pid 8463] <... mmap resumed>) = 0x7f3002800000 [pid 8462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] close(3 [pid 8464] set_robust_list(0x55556b85b6a0, 24./strace-static-x86_64: Process 8465 attached ) = 0 [pid 8464] chdir("./229" [pid 8463] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5832] <... close resumed>) = 0 [pid 8465] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8464] <... chdir resumed>) = 0 [pid 8462] <... clone3 resumed> => {parent_tid=[8465]}, 88) = 8465 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8464 [pid 8465] <... rseq resumed>) = 0 [pid 8464] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8462] rt_sigprocmask(SIG_SETMASK, [], [pid 8465] set_robust_list(0x7f300ac489a0, 24 [pid 8464] <... prctl resumed>) = 0 [pid 8462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8465] <... set_robust_list resumed>) = 0 [pid 8462] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8465] rt_sigprocmask(SIG_SETMASK, [], [pid 8464] setpgid(0, 0 [pid 8462] <... futex resumed>) = 0 [pid 8465] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8464] <... setpgid resumed>) = 0 [pid 8462] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8465] memfd_create("syzkaller", 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 8465] <... memfd_create resumed>) = 3 [pid 8464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 8466 attached [pid 8465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8464] <... openat resumed>) = 3 [pid 5831] umount2("./230", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8466] set_robust_list(0x55556b85b6a0, 24 [pid 8465] <... mmap resumed>) = 0x7f3002800000 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8466 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8464] write(3, "1000", 4 [pid 8466] <... set_robust_list resumed>) = 0 [pid 8465] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8464] <... write resumed>) = 4 [pid 8463] <... write resumed>) = 131072 [pid 5831] openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8466] chdir("./223") = 0 [pid 8464] close(3 [pid 5831] <... openat resumed>) = 3 [pid 8466] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8464] <... close resumed>) = 0 [pid 8463] munmap(0x7f3002800000, 138412032 [pid 5831] newfstatat(3, "", [pid 8466] <... prctl resumed>) = 0 [pid 8466] setpgid(0, 0 [pid 8465] <... write resumed>) = 131072 [pid 8464] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 8466] <... setpgid resumed>) = 0 [pid 8464] <... symlink resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 5 entries */, 32768) = 144 [pid 8466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] umount2("./230/devices.list", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8466] <... openat resumed>) = 3 [pid 8465] munmap(0x7f3002800000, 138412032executing program [pid 8464] write(1, "executing program\n", 18 [pid 8463] <... munmap resumed>) = 0 [pid 8466] write(3, "1000", 4 [pid 8465] <... munmap resumed>) = 0 [pid 8464] <... write resumed>) = 18 [pid 8466] <... write resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./230/devices.list", [pid 8464] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8466] close(3 [pid 8464] <... futex resumed>) = 0 [pid 8466] <... close resumed>) = 0 [pid 8464] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8466] symlink("/dev/binderfs", "./binderfs" [pid 8465] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8464] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8466] <... symlink resumed>) = 0 [pid 8465] <... openat resumed>) = 4 [pid 8464] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8465] ioctl(4, LOOP_SET_FD, 3 [pid 8464] <... mmap resumed>) = 0x7f300ac28000 [pid 8466] write(1, "executing program\n", 18 [pid 8463] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8464] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8463] <... openat resumed>) = 4 [pid 5831] unlink("./230/devices.list" [pid 8464] <... mprotect resumed>) = 0 [pid 8464] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8463] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... unlink resumed>) = 0 [pid 8464] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] umount2("./230/binderfs", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 8466] <... write resumed>) = 18 [pid 8464] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8466] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8466] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8464] <... clone3 resumed> => {parent_tid=[8467]}, 88) = 8467 [pid 8466] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8464] rt_sigprocmask(SIG_SETMASK, [], [pid 8466] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8464] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8466] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8464] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8464] <... futex resumed>) = 0 [pid 8466] <... mmap resumed>) = 0x7f300ac28000 [pid 8464] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8467 attached [pid 8466] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5831] newfstatat(AT_FDCWD, "./230/binderfs", [pid 8466] <... mprotect resumed>) = 0 [pid 8466] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./230/binderfs" [pid 8467] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8466] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 8467] <... rseq resumed>) = 0 [pid 8467] set_robust_list(0x7f300ac489a0, 24 [pid 8466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8468 attached [pid 8467] <... set_robust_list resumed>) = 0 [pid 5831] umount2("./230/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8467] rt_sigprocmask(SIG_SETMASK, [], [pid 8466] <... clone3 resumed> => {parent_tid=[8468]}, 88) = 8468 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8468] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8467] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8466] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] newfstatat(AT_FDCWD, "./230/file2", [pid 8468] <... rseq resumed>) = 0 [pid 8467] memfd_create("syzkaller", 0 [pid 8466] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8468] set_robust_list(0x7f300ac489a0, 24 [pid 8467] <... memfd_create resumed>) = 3 [pid 8466] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8468] <... set_robust_list resumed>) = 0 [pid 8466] <... futex resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8468] rt_sigprocmask(SIG_SETMASK, [], [pid 8467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8466] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8465] <... ioctl resumed>) = 0 [pid 5831] umount2("./230/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8467] <... mmap resumed>) = 0x7f3002800000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8468] memfd_create("syzkaller", 0) = 3 [pid 8467] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8465] close(3 [pid 5831] openat(AT_FDCWD, "./230/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8465] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 8468] <... mmap resumed>) = 0x7f3002800000 [pid 8465] close(4 [pid 5831] newfstatat(4, "", [pid 8468] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8465] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8467] <... write resumed>) = 131072 [pid 8465] mkdir("./file1", 0777 [pid 5831] getdents64(4, [pid 8463] <... ioctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 8465] <... mkdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 8465] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5831] <... close resumed>) = 0 [pid 8463] close(3 [pid 5831] rmdir("./230/file2" [pid 8463] <... close resumed>) = 0 [pid 8468] <... write resumed>) = 131072 [pid 8463] close(4 [pid 5831] <... rmdir resumed>) = 0 [pid 5831] getdents64(3, [pid 8467] munmap(0x7f3002800000, 138412032) = 0 [pid 8463] <... close resumed>) = 0 [pid 8463] mkdir("./file1", 0777 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [ 210.936463][ T8465] loop3: detected capacity change from 0 to 256 [ 210.945741][ T8463] loop4: detected capacity change from 0 to 256 [pid 8468] munmap(0x7f3002800000, 138412032 [pid 8467] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8463] <... mkdir resumed>) = 0 [pid 5831] close(3 [pid 8468] <... munmap resumed>) = 0 [pid 8467] <... openat resumed>) = 4 [pid 8463] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5831] <... close resumed>) = 0 [pid 8468] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8467] ioctl(4, LOOP_SET_FD, 3 [pid 8468] <... openat resumed>) = 4 [pid 5831] rmdir("./230") = 0 [pid 8468] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5831] mkdir("./231", 0777 [pid 8468] ioctl(4, LOOP_CLR_FD) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3 [pid 8468] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 8468] close(4) = 0 [pid 8467] <... ioctl resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8468] close(3 [pid 8467] close(3 [pid 8468] <... close resumed>) = 0 [pid 8467] <... close resumed>) = 0 [pid 8467] close(4 [pid 8468] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8467] <... close resumed>) = 0 [pid 8468] <... futex resumed>) = 1 [pid 8467] mkdir("./file1", 0777 [pid 8468] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8467] <... mkdir resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 210.999848][ T8467] loop0: detected capacity change from 0 to 256 [ 211.023936][ T8465] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8467] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8466] <... futex resumed>) = 0 [pid 8466] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8468] <... futex resumed>) = 0 [pid 8466] <... futex resumed>) = 1 [pid 8468] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 8466] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8468] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8466] <... futex resumed>) = 0 [pid 8468] mkdir("./file2", 0777 [pid 8466] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8468] <... mkdir resumed>) = 0 [pid 8466] <... futex resumed>) = 0 [pid 8468] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8466] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8465] <... mount resumed>) = 0 [pid 8465] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8465] chdir("./file1") = 0 [pid 8465] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8465] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8466] <... futex resumed>) = ? [pid 8465] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8468] +++ killed by SIGSEGV +++ [pid 8466] +++ killed by SIGSEGV +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8466, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=0} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8462] <... futex resumed>) = 0 ./strace-static-x86_64: Process 8469 attached [pid 8462] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8469 [pid 8465] <... futex resumed>) = 0 [pid 8463] <... mount resumed>) = 0 [pid 8462] <... futex resumed>) = 1 [pid 5832] umount2("./223", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8465] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8462] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8469] set_robust_list(0x55556b85b6a0, 24 [pid 8463] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8469] <... set_robust_list resumed>) = 0 [pid 8469] chdir("./231" [pid 8465] <... openat resumed>) = 4 [pid 8463] <... openat resumed>) = 3 [pid 5832] <... openat resumed>) = 3 [pid 8469] <... chdir resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 8469] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8465] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8463] chdir("./file1" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8469] <... prctl resumed>) = 0 [pid 8465] <... futex resumed>) = 1 [pid 8463] <... chdir resumed>) = 0 [pid 8462] <... futex resumed>) = 0 [ 211.065351][ T8463] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 211.075388][ T8467] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5832] getdents64(3, [pid 8465] mkdir("./file2", 0777 [pid 8463] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8462] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 5 entries */, 32768) = 144 [pid 8469] setpgid(0, 0 [pid 5832] umount2("./223/devices.list", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8469] <... setpgid resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8462] <... futex resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./223/devices.list", [pid 8463] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8462] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./223/devices.list" [pid 8469] <... openat resumed>) = 3 [pid 8469] write(3, "1000", 4 [pid 8463] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... unlink resumed>) = 0 [pid 8467] <... mount resumed>) = 0 [pid 5832] umount2("./223/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8469] <... write resumed>) = 4 [pid 8463] <... futex resumed>) = 1 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8469] close(3 [pid 8463] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8460] <... futex resumed>) = 0 [pid 8469] <... close resumed>) = 0 [pid 8467] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8460] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8467] <... openat resumed>) = 3 [pid 8467] chdir("./file1") = 0 [pid 8467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8467] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8463] <... futex resumed>) = 0 [pid 8460] <... futex resumed>) = 1 [pid 8469] symlink("/dev/binderfs", "./binderfs" [pid 5832] newfstatat(AT_FDCWD, "./223/binderfs", [pid 8463] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8467] <... futex resumed>) = 1 [pid 8464] <... futex resumed>) = 0 [pid 8469] <... symlink resumed>) = 0 [pid 8467] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8464] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8469] write(1, "executing program\n", 18 [pid 8467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8464] <... futex resumed>) = 0 [pid 8460] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8467] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8464] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 8469] <... write resumed>) = 18 [pid 8467] <... openat resumed>) = 4 [pid 5832] unlink("./223/binderfs" [pid 8467] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... unlink resumed>) = 0 [pid 8469] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8467] <... futex resumed>) = 1 [pid 8464] <... futex resumed>) = 0 [pid 8464] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 211.118696][ T8465] exFAT-fs (loop3): error, data size is invalid(9000) [ 211.125593][ T8465] exFAT-fs (loop3): Filesystem has been set read-only [pid 8469] <... futex resumed>) = 0 [pid 8467] mkdir("./file2", 0777 [pid 8464] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8463] <... openat resumed>) = 4 [pid 5832] umount2("./223/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8469] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8462] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8469] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8463] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] newfstatat(AT_FDCWD, "./223/file2", [pid 8469] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8463] <... futex resumed>) = 1 [pid 8460] <... futex resumed>) = 0 [pid 8469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8463] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8460] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8460] <... futex resumed>) = 0 [pid 8469] <... mmap resumed>) = 0x7f300ac28000 [pid 8463] mkdir("./file2", 0777 [pid 8462] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8460] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8469] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8462] <... futex resumed>) = 0 [pid 5832] umount2("./223/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8469] <... mprotect resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] openat(AT_FDCWD, "./223/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8469] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8465] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8462] <... mmap resumed>) = 0x7f300ac07000 [pid 5832] <... openat resumed>) = 4 [pid 8469] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8465] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8462] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5832] newfstatat(4, "", [pid 8462] <... mprotect resumed>) = ? [pid 8465] +++ killed by SIGSEGV +++ [pid 8462] +++ killed by SIGSEGV +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8462, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8463] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] <... restart_syscall resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8470 attached [pid 8463] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] getdents64(4, [pid 8470] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8469] <... clone3 resumed> => {parent_tid=[8470]}, 88) = 8470 [pid 8470] <... rseq resumed>) = 0 [pid 8469] rt_sigprocmask(SIG_SETMASK, [], [pid 8464] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8460] <... futex resumed>) = ? [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8470] set_robust_list(0x7f300ac489a0, 24 [pid 8469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8467] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8464] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] umount2("./228", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8470] <... set_robust_list resumed>) = 0 [pid 8469] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8464] <... futex resumed>) = 0 [pid 8463] +++ killed by SIGSEGV +++ [pid 8460] +++ killed by SIGSEGV +++ [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(4, [pid 8470] rt_sigprocmask(SIG_SETMASK, [], [pid 8469] <... futex resumed>) = 0 [pid 8467] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 211.178443][ T8467] exFAT-fs (loop0): error, data size is invalid(9000) [ 211.187779][ T8463] exFAT-fs (loop4): error, data size is invalid(9000) [ 211.200790][ T8463] exFAT-fs (loop4): Filesystem has been set read-only [ 211.206777][ T8467] exFAT-fs (loop0): Filesystem has been set read-only [pid 8464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8460, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5833] openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8469] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8464] <... mmap resumed>) = ? [pid 5833] <... openat resumed>) = 3 [pid 5832] close(4 [pid 8470] memfd_create("syzkaller", 0 [pid 8467] +++ killed by SIGSEGV +++ [pid 8464] +++ killed by SIGSEGV +++ [pid 5833] newfstatat(3, "", [pid 5834] umount2("./227", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8470] <... memfd_create resumed>) = 3 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] getdents64(3, [pid 5832] <... close resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8464, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] rmdir("./223/file2" [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8470] <... mmap resumed>) = 0x7f3002800000 [pid 5834] <... openat resumed>) = 3 [pid 5833] umount2("./228/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... restart_syscall resumed>) = 0 [pid 5834] newfstatat(3, "", [pid 8470] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] <... umount2 resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 8470] <... write resumed>) = 131072 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] umount2("./228/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(3, [pid 8470] munmap(0x7f3002800000, 138412032 [pid 5834] getdents64(3, [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./228/file1", [pid 5830] umount2("./229", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8470] <... munmap resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8470] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] umount2("./227/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] umount2("./228/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8470] <... openat resumed>) = 4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8470] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... close resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./228/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] rmdir("./223" [pid 5833] <... openat resumed>) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./228/file1") = 0 [pid 5833] umount2("./228/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./228/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./228/binderfs") = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./228") = 0 [pid 5833] mkdir("./229", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 5832] mkdir("./224", 0777./strace-static-x86_64: Process 8471 attached [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8471 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] getdents64(3, [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./229/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8471] set_robust_list(0x55556b85b6a0, 24 [pid 5832] <... openat resumed>) = 3 [pid 8471] <... set_robust_list resumed>) = 0 [pid 8471] chdir("./229") = 0 [pid 8471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8471] setpgid(0, 0) = 0 [pid 8471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8470] <... ioctl resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8470] close(3) = 0 [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8470] close(4 [pid 5832] close(3 [pid 8471] write(3, "1000", 4 [pid 5832] <... close resumed>) = 0 [pid 8471] <... write resumed>) = 4 [pid 8471] close(3) = 0 [pid 8471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8471] write(1, "executing program\n", 18executing program ) = 18 [pid 8470] <... close resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8472 attached [pid 8470] mkdir("./file1", 0777 [pid 5834] <... umount2 resumed>) = 0 [pid 8471] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8471] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8470] <... mkdir resumed>) = 0 [pid 5834] umount2("./227/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8472 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5834] newfstatat(AT_FDCWD, "./227/file1", [pid 8471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8472] set_robust_list(0x55556b85b6a0, 24 [pid 8471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8472] <... set_robust_list resumed>) = 0 [pid 8471] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] umount2("./227/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8471] <... mprotect resumed>) = 0 [pid 8472] chdir("./224" [pid 8471] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8472] <... chdir resumed>) = 0 [pid 8471] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8470] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5834] openat(AT_FDCWD, "./227/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8472] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8473 attached [pid 8472] <... prctl resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 5830] <... umount2 resumed>) = 0 [pid 8472] setpgid(0, 0 [pid 5834] newfstatat(4, "", [pid 5830] umount2("./229/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./229/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8471] <... clone3 resumed> => {parent_tid=[8473]}, 88) = 8473 [pid 5830] umount2("./229/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8473] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8471] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] getdents64(4, [pid 5830] openat(AT_FDCWD, "./229/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8473] <... rseq resumed>) = 0 [pid 8471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] <... openat resumed>) = 4 [pid 8473] set_robust_list(0x7f300ac489a0, 24 [pid 8471] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8473] <... set_robust_list resumed>) = 0 [pid 8471] <... futex resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 8473] rt_sigprocmask(SIG_SETMASK, [], [pid 8472] <... setpgid resumed>) = 0 [pid 8471] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8472] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8473] memfd_create("syzkaller", 0 [pid 8472] <... openat resumed>) = 3 [pid 5834] getdents64(4, [pid 5830] getdents64(4, [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8473] <... memfd_create resumed>) = 3 [pid 5834] close(4 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 5834] <... close resumed>) = 0 [pid 5830] getdents64(4, [pid 8473] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8472] write(3, "1000", 4 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] rmdir("./227/file1" [pid 8472] <... write resumed>) = 4 [pid 5830] close(4 [pid 8472] close(3 [pid 5830] <... close resumed>) = 0 [pid 8472] <... close resumed>) = 0 [ 211.281753][ T8470] loop1: detected capacity change from 0 to 256 [pid 8473] <... write resumed>) = 131072 [pid 5830] rmdir("./229/file1" [pid 8472] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... rmdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8472] <... symlink resumed>) = 0 [pid 5834] umount2("./227/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./229/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./229/binderfs", [pid 8473] munmap(0x7f3002800000, 138412032) = 0 [pid 5834] newfstatat(AT_FDCWD, "./227/binderfs", [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8473] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./229/binderfs" [pid 5834] unlink("./227/binderfs" [pid 8473] <... openat resumed>) = 4 [pid 5830] <... unlink resumed>) = 0 [pid 8473] ioctl(4, LOOP_SET_FD, 3 [pid 5834] <... unlink resumed>) = 0 [pid 5830] getdents64(3, [pid 8472] write(1, "executing program\n", 18 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8473] <... ioctl resumed>) = 0 [pid 8473] close(3) = 0 [pid 8473] close(4) = 0 [pid 8473] mkdir("./file1", 0777) = 0 [pid 8473] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5830] close(3executing program [pid 8472] <... write resumed>) = 18 [pid 5834] getdents64(3, [pid 5830] <... close resumed>) = 0 [pid 8472] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] rmdir("./229") = 0 [pid 8472] <... futex resumed>) = 0 [pid 5830] mkdir("./230", 0777) = 0 [pid 8472] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8472] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] close(3) = 0 [pid 8472] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8470] <... mount resumed>) = 0 [pid 5834] rmdir("./227" [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8472] <... mmap resumed>) = 0x7f300ac28000 [pid 5834] mkdir("./228", 0777 [pid 8472] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8470] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8472] <... mprotect resumed>) = 0 [pid 8470] <... openat resumed>) = 3 [pid 8470] chdir("./file1" [pid 8472] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8470] <... chdir resumed>) = 0 [pid 8470] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] <... mkdir resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 8472] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8470] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] close(3 [pid 8472] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5830] <... close resumed>) = 0 ./strace-static-x86_64: Process 8474 attached [pid 8470] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... openat resumed>) = 3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8470] <... futex resumed>) = 1 [pid 8469] <... futex resumed>) = 0 [pid 8470] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8469] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8469] <... futex resumed>) = 0 [pid 8470] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8469] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8475 attached [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8475 [ 211.363771][ T8473] loop3: detected capacity change from 0 to 256 [ 211.364887][ T8470] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8475] set_robust_list(0x55556b85b6a0, 24 [pid 8474] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8472] <... clone3 resumed> => {parent_tid=[8474]}, 88) = 8474 [pid 8470] <... openat resumed>) = 4 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8475] <... set_robust_list resumed>) = 0 [pid 8475] chdir("./230" [pid 8474] <... rseq resumed>) = 0 [pid 8472] rt_sigprocmask(SIG_SETMASK, [], [pid 8470] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8475] <... chdir resumed>) = 0 [pid 8472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8470] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... ioctl resumed>) = 0 [pid 8474] set_robust_list(0x7f300ac489a0, 24 [pid 8472] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8475] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8474] <... set_robust_list resumed>) = 0 [pid 8472] <... futex resumed>) = 0 [pid 8474] rt_sigprocmask(SIG_SETMASK, [], [pid 8472] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] close(3 [pid 8475] <... prctl resumed>) = 0 [pid 8475] setpgid(0, 0 [pid 8474] memfd_create("syzkaller", 0 [pid 8475] <... setpgid resumed>) = 0 [pid 8474] <... memfd_create resumed>) = 3 [pid 5834] <... close resumed>) = 0 [pid 8474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8469] <... futex resumed>) = 0 [pid 8469] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8470] <... futex resumed>) = 0 [pid 8469] <... futex resumed>) = 1 [pid 8470] mkdir("./file2", 0777 [pid 8469] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8475] <... openat resumed>) = 3 [pid 8474] <... mmap resumed>) = 0x7f3002800000 [pid 8475] write(3, "1000", 4 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8476 attached [pid 8475] <... write resumed>) = 4 [pid 8474] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8476] set_robust_list(0x55556b85b6a0, 24 [pid 8475] close(3) = 0 [pid 8475] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8475] write(1, "executing program\n", 18) = 18 [pid 8475] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8475] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8476] <... set_robust_list resumed>) = 0 [pid 8475] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8475] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8476] chdir("./228" [pid 8475] <... mprotect resumed>) = 0 [pid 8473] <... mount resumed>) = 0 [pid 8476] <... chdir resumed>) = 0 [pid 8475] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8474] <... write resumed>) = 131072 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8476 [pid 8476] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8475] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8476] <... prctl resumed>) = 0 [pid 8475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8477 attached [pid 8476] setpgid(0, 0 [pid 8474] munmap(0x7f3002800000, 138412032 [pid 8477] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8476] <... setpgid resumed>) = 0 [pid 8475] <... clone3 resumed> => {parent_tid=[8477]}, 88) = 8477 [pid 8473] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8475] rt_sigprocmask(SIG_SETMASK, [], [pid 8473] <... openat resumed>) = 3 [pid 8475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8473] chdir("./file1" [pid 8475] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8473] <... chdir resumed>) = 0 [pid 8476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8475] <... futex resumed>) = 0 [pid 8473] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8475] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8473] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8477] <... rseq resumed>) = 0 [pid 8476] <... openat resumed>) = 3 [pid 8474] <... munmap resumed>) = 0 [ 211.421058][ T8473] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 211.453236][ T8470] exFAT-fs (loop1): error, data size is invalid(9000) [pid 8473] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8477] set_robust_list(0x7f300ac489a0, 24 [pid 8476] write(3, "1000", 4 [pid 8474] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8477] <... set_robust_list resumed>) = 0 [pid 8476] <... write resumed>) = 4 [pid 8477] rt_sigprocmask(SIG_SETMASK, [], [pid 8476] close(3 [pid 8477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8477] memfd_create("syzkaller", 0 [pid 8476] <... close resumed>) = 0 [pid 8474] <... openat resumed>) = 4 [pid 8473] <... futex resumed>) = 1 [pid 8471] <... futex resumed>) = 0 [pid 8476] symlink("/dev/binderfs", "./binderfs" [pid 8474] ioctl(4, LOOP_SET_FD, 3 [pid 8477] <... memfd_create resumed>) = 3 [pid 8473] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8471] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8471] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8473] <... openat resumed>) = 4 [pid 8473] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8471] <... futex resumed>) = 0 [pid 8471] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8473] mkdir("./file2", 0777 [pid 8471] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8476] <... symlink resumed>) = 0 [pid 8474] <... ioctl resumed>) = 0 [pid 8469] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8477] <... mmap resumed>) = 0x7f3002800000 [pid 8476] write(1, "executing program\n", 18executing program [pid 8477] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8476] <... write resumed>) = 18 [pid 8469] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8476] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8469] <... futex resumed>) = 0 [pid 8469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8469] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8470] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8469] <... mprotect resumed>) = 0 [pid 8470] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8469] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8477] <... write resumed>) = 131072 [pid 8476] <... futex resumed>) = 0 [pid 8469] <... rt_sigprocmask resumed> ) = ? [pid 8476] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8470] +++ killed by SIGSEGV +++ [pid 8469] +++ killed by SIGSEGV +++ [pid 8476] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8469, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8476] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8477] munmap(0x7f3002800000, 138412032 [pid 8476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8474] close(3 [pid 5831] <... restart_syscall resumed>) = 0 [pid 8476] <... mmap resumed>) = 0x7f300ac28000 [pid 8476] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5831] umount2("./231", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8476] <... mprotect resumed>) = 0 [pid 8474] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8474] close(4 [pid 5831] openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8474] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8474] mkdir("./file1", 0777 [pid 5831] newfstatat(3, "", [pid 8477] <... munmap resumed>) = 0 [pid 8476] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8474] <... mkdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 211.484823][ T8470] exFAT-fs (loop1): Filesystem has been set read-only [ 211.499253][ T8474] loop2: detected capacity change from 0 to 256 [ 211.503410][ T8473] exFAT-fs (loop3): error, data size is invalid(9000) [pid 5831] getdents64(3, [pid 8477] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8476] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8474] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8477] <... openat resumed>) = 4 [pid 8471] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] umount2("./231/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8478 attached [pid 8471] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8476] <... clone3 resumed> => {parent_tid=[8478]}, 88) = 8478 [pid 8476] rt_sigprocmask(SIG_SETMASK, [], [pid 8471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8477] ioctl(4, LOOP_SET_FD, 3 [pid 8476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8478] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8471] <... mmap resumed>) = 0x7f300ac07000 [pid 8478] <... rseq resumed>) = 0 [pid 8471] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8478] set_robust_list(0x7f300ac489a0, 24 [pid 8476] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8471] <... mprotect resumed>) = 0 [pid 8478] <... set_robust_list resumed>) = 0 [pid 8476] <... futex resumed>) = 0 [pid 8471] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8478] rt_sigprocmask(SIG_SETMASK, [], [pid 8476] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8471] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8479 attached [pid 8478] memfd_create("syzkaller", 0) = 3 [pid 8471] <... clone3 resumed> => {parent_tid=[8479]}, 88) = 8479 [pid 8478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8471] rt_sigprocmask(SIG_SETMASK, [], [pid 8478] <... mmap resumed>) = 0x7f3002800000 [pid 8471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8478] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8471] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8478] <... write resumed>) = 131072 [pid 8471] <... futex resumed>) = 0 [pid 8471] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8479] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8478] munmap(0x7f3002800000, 138412032 [pid 8479] <... rseq resumed>) = 0 [pid 8478] <... munmap resumed>) = 0 [pid 8479] set_robust_list(0x7f300ac279a0, 24) = 0 [pid 8479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8478] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8479] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8478] <... openat resumed>) = 4 [pid 8478] ioctl(4, LOOP_SET_FD, 3 [pid 8473] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5831] <... umount2 resumed>) = 0 [pid 8473] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] umount2("./231/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./231/file1", [pid 8479] <... ioctl resumed>) = ? [pid 8471] <... futex resumed>) = ? [pid 8479] +++ killed by SIGSEGV +++ [pid 8473] +++ killed by SIGSEGV +++ [pid 8471] +++ killed by SIGSEGV +++ [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 211.545958][ T8473] exFAT-fs (loop3): Filesystem has been set read-only [ 211.570471][ T8477] loop0: detected capacity change from 0 to 256 [ 211.584009][ T8478] loop4: detected capacity change from 0 to 256 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8471, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8478] <... ioctl resumed>) = 0 [pid 8477] <... ioctl resumed>) = 0 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./231/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8478] close(3) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8478] close(4 [pid 5833] umount2("./229", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./231/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8478] <... close resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8478] mkdir("./file1", 0777 [pid 8477] close(3 [pid 5833] openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... openat resumed>) = 4 [pid 8478] <... mkdir resumed>) = 0 [pid 8477] <... close resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 8477] close(4 [pid 5833] newfstatat(3, "", [pid 8477] <... close resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] newfstatat(4, "", [pid 8477] mkdir("./file1", 0777 [pid 5833] getdents64(3, [pid 8478] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8477] <... mkdir resumed>) = 0 [pid 8474] <... mount resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] umount2("./229/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8474] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... umount2 resumed>) = 0 [pid 5831] getdents64(4, [pid 8477] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8474] <... openat resumed>) = 3 [pid 5833] umount2("./229/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8474] chdir("./file1" [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8474] <... chdir resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./229/file1", [pid 8474] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] getdents64(4, [pid 8474] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] umount2("./229/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8474] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8474] <... futex resumed>) = 1 [pid 8472] <... futex resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./229/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8474] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8472] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... openat resumed>) = 4 [pid 5831] close(4 [pid 8474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8472] <... futex resumed>) = 0 [pid 5833] newfstatat(4, "", [pid 8474] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8472] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... close resumed>) = 0 [pid 5833] getdents64(4, [pid 8474] <... openat resumed>) = 4 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] rmdir("./231/file1" [pid 8474] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] <... rmdir resumed>) = 0 [ 211.595463][ T8474] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5833] close(4 [pid 8474] <... futex resumed>) = 1 [pid 8472] <... futex resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5831] umount2("./231/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8474] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8472] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] rmdir("./229/file1" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8472] <... futex resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./231/binderfs", [pid 8474] mkdir("./file2", 0777 [pid 8472] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5833] umount2("./229/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] unlink("./231/binderfs" [pid 5833] newfstatat(AT_FDCWD, "./229/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./229/binderfs") = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5833] rmdir("./229" [pid 5831] getdents64(3, [pid 5833] <... rmdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] mkdir("./230", 0777 [pid 5831] close(3 [pid 5833] <... mkdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] rmdir("./231" [pid 5833] <... openat resumed>) = 3 [pid 5831] <... rmdir resumed>) = 0 [pid 5831] mkdir("./232", 0777 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... ioctl resumed>) = 0 [ 211.648132][ T8478] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 211.663211][ T8474] exFAT-fs (loop2): error, data size is invalid(9000) [pid 5831] close(3./strace-static-x86_64: Process 8480 attached [pid 8480] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8480] chdir("./230") = 0 [pid 8480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8480] setpgid(0, 0) = 0 [pid 8480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8480] write(3, "1000", 4) = 4 [pid 8480] close(3) = 0 [pid 8478] <... mount resumed>) = 0 [pid 8480] symlink("/dev/binderfs", "./binderfs" [pid 8478] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8480] <... symlink resumed>) = 0 [pid 8478] <... openat resumed>) = 3 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8480 executing program [pid 8480] write(1, "executing program\n", 18 [pid 8478] chdir("./file1" [pid 8480] <... write resumed>) = 18 [pid 8478] <... chdir resumed>) = 0 [pid 8480] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8478] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8480] <... futex resumed>) = 0 [pid 8478] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... close resumed>) = 0 [pid 8480] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8480] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8480] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8478] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8480] <... mmap resumed>) = 0x7f300ac28000 [pid 8478] <... futex resumed>) = 1 [pid 8478] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8480] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 8481 attached [pid 8480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8476] <... futex resumed>) = 0 [pid 8476] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8472] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8481 [pid 8472] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8476] <... futex resumed>) = 1 [pid 8478] <... futex resumed>) = 0 [pid 8480] <... clone3 resumed> => {parent_tid=[8482]}, 88) = 8482 [pid 8478] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8476] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8480] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8482 attached [pid 8481] set_robust_list(0x55556b85b6a0, 24 [pid 8480] <... futex resumed>) = 0 [pid 8478] <... openat resumed>) = 4 [pid 8482] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8480] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8482] <... rseq resumed>) = 0 [pid 8481] <... set_robust_list resumed>) = 0 [pid 8478] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8472] <... futex resumed>) = 0 [pid 8482] set_robust_list(0x7f300ac489a0, 24 [pid 8481] chdir("./232" [pid 8478] <... futex resumed>) = 1 [pid 8476] <... futex resumed>) = 0 [pid 8472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8482] <... set_robust_list resumed>) = 0 [pid 8481] <... chdir resumed>) = 0 [pid 8478] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8476] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8482] rt_sigprocmask(SIG_SETMASK, [], [pid 8478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8477] <... mount resumed>) = 0 [pid 8476] <... futex resumed>) = 0 [pid 8482] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8481] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8478] mkdir("./file2", 0777 [pid 8476] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8472] <... mmap resumed>) = 0x7f300ac07000 [pid 8482] memfd_create("syzkaller", 0 [pid 8481] <... prctl resumed>) = 0 [pid 8474] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8472] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8482] <... memfd_create resumed>) = 3 [pid 8481] setpgid(0, 0 [pid 8477] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8474] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8472] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8477] <... openat resumed>) = 3 [pid 8482] <... mmap resumed>) = 0x7f3002800000 [pid 8477] chdir("./file1" [pid 8482] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8477] <... chdir resumed>) = 0 [pid 8477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8474] +++ killed by SIGSEGV +++ [pid 8472] +++ killed by SIGSEGV +++ [pid 8477] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8472, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8481] <... setpgid resumed>) = 0 [pid 8477] <... futex resumed>) = 1 [pid 8475] <... futex resumed>) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8482] <... write resumed>) = 131072 [pid 8481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8477] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8475] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8475] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8481] <... openat resumed>) = 3 [pid 8477] <... openat resumed>) = 4 [pid 8482] munmap(0x7f3002800000, 138412032 [pid 8481] write(3, "1000", 4 [pid 8477] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... restart_syscall resumed>) = 0 [pid 8482] <... munmap resumed>) = 0 [pid 8481] <... write resumed>) = 4 [pid 8477] <... futex resumed>) = 1 [pid 8475] <... futex resumed>) = 0 [pid 8481] close(3 [ 211.688064][ T8477] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 211.692483][ T8474] exFAT-fs (loop2): Filesystem has been set read-only [ 211.732624][ T8478] exFAT-fs (loop4): error, data size is invalid(9000) [pid 8475] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8481] <... close resumed>) = 0 [pid 8477] mkdir("./file2", 0777 [pid 8475] <... futex resumed>) = 0 [pid 8482] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8481] symlink("/dev/binderfs", "./binderfs" [pid 8475] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 8482] <... openat resumed>) = 4 [pid 8481] <... symlink resumed>) = 0 [pid 5832] umount2("./224", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8481] write(1, "executing program\n", 18 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8481] <... write resumed>) = 18 [pid 8482] ioctl(4, LOOP_SET_FD, 3 [pid 8481] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8481] <... futex resumed>) = 0 [pid 8481] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5832] <... openat resumed>) = 3 [pid 8481] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8477] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] newfstatat(3, "", [pid 8481] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8481] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8478] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8481] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8478] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] getdents64(3, [pid 8481] <... mprotect resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8481] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] umount2("./224/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8481] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8481] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8483 attached => {parent_tid=[8483]}, 88) = 8483 [pid 8483] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8481] rt_sigprocmask(SIG_SETMASK, [], [pid 8483] <... rseq resumed>) = 0 [pid 8482] <... ioctl resumed>) = 0 [pid 8481] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8483] set_robust_list(0x7f300ac489a0, 24 [pid 8482] close(3 [pid 8481] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8476] <... futex resumed>) = ? [pid 8483] <... set_robust_list resumed>) = 0 [pid 8482] <... close resumed>) = 0 [pid 8481] <... futex resumed>) = 0 [pid 8478] +++ killed by SIGSEGV +++ [pid 8483] rt_sigprocmask(SIG_SETMASK, [], [pid 8482] close(4 [pid 8481] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8483] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8482] <... close resumed>) = 0 [pid 8483] memfd_create("syzkaller", 0 [pid 8482] mkdir("./file1", 0777 [pid 8483] <... memfd_create resumed>) = 3 [pid 8482] <... mkdir resumed>) = 0 [pid 8476] +++ killed by SIGSEGV +++ [pid 8483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8476, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5832] <... umount2 resumed>) = 0 [pid 8483] <... mmap resumed>) = 0x7f3002800000 [pid 5832] umount2("./224/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] umount2("./228", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(AT_FDCWD, "./224/file1", [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8483] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8482] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5834] openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] umount2("./224/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8483] <... write resumed>) = 131072 [pid 5834] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(3, "", [pid 5832] openat(AT_FDCWD, "./224/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, [pid 8477] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8483] munmap(0x7f3002800000, 138412032 [pid 8475] <... futex resumed>) = ? [pid 5834] getdents64(3, [pid 5832] close(4 [pid 8483] <... munmap resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] <... close resumed>) = 0 [pid 5834] umount2("./228/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] rmdir("./224/file1") = 0 [pid 5832] umount2("./224/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8483] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8483] <... openat resumed>) = 4 [ 211.755263][ T8477] exFAT-fs (loop0): error, data size is invalid(9000) [ 211.763239][ T8478] exFAT-fs (loop4): Filesystem has been set read-only [ 211.772372][ T8482] loop3: detected capacity change from 0 to 256 [ 211.780014][ T8477] exFAT-fs (loop0): Filesystem has been set read-only [pid 5832] newfstatat(AT_FDCWD, "./224/binderfs", [pid 8483] ioctl(4, LOOP_SET_FD, 3 [pid 5834] <... umount2 resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./228/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] unlink("./224/binderfs" [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... unlink resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./228/file1", [pid 5832] getdents64(3, [pid 8477] +++ killed by SIGSEGV +++ [pid 8475] +++ killed by SIGSEGV +++ [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] umount2("./228/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(3 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8475, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... close resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./228/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] rmdir("./224") = 0 [pid 5830] umount2("./230", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] mkdir("./225", 0777) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5834] <... openat resumed>) = 4 [pid 5830] newfstatat(3, "", [pid 5834] newfstatat(4, "", [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] getdents64(3, [pid 5834] getdents64(4, [pid 5832] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] umount2("./230/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] getdents64(4, [pid 5832] <... ioctl resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 5834] close(4 [pid 5832] <... close resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5834] rmdir("./228/file1") = 0 [pid 5830] umount2("./230/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./230/file1", [pid 5834] umount2("./228/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./230/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8483] <... ioctl resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./228/binderfs", [pid 5830] openat(AT_FDCWD, "./230/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8484 attached [pid 8483] close(3 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... openat resumed>) = 4 [pid 8483] <... close resumed>) = 0 [pid 5834] unlink("./228/binderfs" [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8484 [pid 5830] newfstatat(4, "", [pid 8484] set_robust_list(0x55556b85b6a0, 24 [pid 8483] close(4 [pid 5834] <... unlink resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8484] <... set_robust_list resumed>) = 0 [pid 5834] getdents64(3, [pid 5830] getdents64(4, [pid 8484] chdir("./225" [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8484] <... chdir resumed>) = 0 [pid 5834] close(3 [pid 5830] getdents64(4, [pid 8484] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8483] <... close resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8484] <... prctl resumed>) = 0 [pid 8483] mkdir("./file1", 0777 [pid 5834] rmdir("./228" [pid 5830] close(4 [pid 8484] setpgid(0, 0 [pid 8483] <... mkdir resumed>) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8484] <... setpgid resumed>) = 0 [pid 8483] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5834] mkdir("./229", 0777 [pid 5830] rmdir("./230/file1" [pid 8484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] <... mkdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8484] <... openat resumed>) = 3 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8484] write(3, "1000", 4 [pid 5834] <... openat resumed>) = 3 [pid 8484] <... write resumed>) = 4 [pid 5834] ioctl(3, LOOP_CLR_FDexecuting program [pid 8484] close(3 [pid 5834] <... ioctl resumed>) = 0 [pid 8484] <... close resumed>) = 0 [pid 8484] symlink("/dev/binderfs", "./binderfs" [pid 5834] close(3 [pid 8484] <... symlink resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 8484] write(1, "executing program\n", 18) = 18 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8485 attached [ 211.823590][ T8483] loop1: detected capacity change from 0 to 256 [ 211.836524][ T8482] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8484] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8485] set_robust_list(0x55556b85b6a0, 24 [pid 8484] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8484] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8485 [pid 8484] <... mmap resumed>) = 0x7f300ac28000 [pid 8485] <... set_robust_list resumed>) = 0 [pid 8484] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8485] chdir("./229" [pid 8484] <... mprotect resumed>) = 0 [pid 8484] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8485] <... chdir resumed>) = 0 [pid 8485] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8484] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8485] <... prctl resumed>) = 0 [pid 8484] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8485] setpgid(0, 0./strace-static-x86_64: Process 8486 attached [pid 5830] umount2("./230/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8486] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8485] <... setpgid resumed>) = 0 [pid 8486] <... rseq resumed>) = 0 [pid 8485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8482] <... mount resumed>) = 0 [pid 8486] set_robust_list(0x7f300ac489a0, 24 [pid 8484] <... clone3 resumed> => {parent_tid=[8486]}, 88) = 8486 [pid 8486] <... set_robust_list resumed>) = 0 [pid 8485] <... openat resumed>) = 3 [pid 8484] rt_sigprocmask(SIG_SETMASK, [], [pid 8482] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8486] rt_sigprocmask(SIG_SETMASK, [], [pid 8485] write(3, "1000", 4 [pid 8484] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8485] <... write resumed>) = 4 [pid 8484] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8482] <... openat resumed>) = 3 [pid 8486] memfd_create("syzkaller", 0 [pid 8485] close(3 [pid 8484] <... futex resumed>) = 0 [pid 8485] <... close resumed>) = 0 [pid 8482] chdir("./file1" [pid 8486] <... memfd_create resumed>) = 3 [pid 8485] symlink("/dev/binderfs", "./binderfs" [pid 8484] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8482] <... chdir resumed>) = 0 [pid 8486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8485] <... symlink resumed>) = 0 [pid 8482] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] newfstatat(AT_FDCWD, "./230/binderfs", [pid 8486] <... mmap resumed>) = 0x7f3002800000 executing program [pid 8485] write(1, "executing program\n", 18 [pid 8482] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8486] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8485] <... write resumed>) = 18 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8485] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] unlink("./230/binderfs" [pid 8485] <... futex resumed>) = 0 [pid 8485] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8485] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8482] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8485] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8482] <... futex resumed>) = 1 [pid 8480] <... futex resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 8485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8480] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] getdents64(3, [pid 8485] <... mmap resumed>) = 0x7f300ac28000 [pid 8482] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8480] <... futex resumed>) = 0 [pid 8486] <... write resumed>) = 131072 [pid 8485] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8482] <... openat resumed>) = 4 [pid 8480] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8485] <... mprotect resumed>) = 0 [pid 8485] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5830] close(3 [pid 8482] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... close resumed>) = 0 [pid 8486] munmap(0x7f3002800000, 138412032 [pid 8482] <... futex resumed>) = 1 [pid 8480] <... futex resumed>) = 0 [pid 5830] rmdir("./230" [pid 8486] <... munmap resumed>) = 0 [pid 8482] mkdir("./file2", 0777 [pid 8480] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... rmdir resumed>) = 0 [pid 8485] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8480] <... futex resumed>) = 0 [pid 5830] mkdir("./231", 0777 [pid 8486] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8485] <... clone3 resumed> => {parent_tid=[8487]}, 88) = 8487 [pid 8485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8485] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8486] <... openat resumed>) = 4 [pid 8485] <... futex resumed>) = 0 [pid 8480] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8485] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8486] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8487 attached [pid 8487] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8487] <... rseq resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8487] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8487] memfd_create("syzkaller", 0) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... ioctl resumed>) = 0 [pid 8487] <... mmap resumed>) = 0x7f3002800000 [pid 8487] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5830] close(3 [pid 8486] <... ioctl resumed>) = 0 [pid 8486] close(3 [pid 8487] munmap(0x7f3002800000, 138412032 [pid 8486] <... close resumed>) = 0 [pid 8487] <... munmap resumed>) = 0 [pid 8486] close(4 [pid 5830] <... close resumed>) = 0 [pid 8486] <... close resumed>) = 0 [pid 8486] mkdir("./file1", 0777) = 0 [pid 8483] <... mount resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8487] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8483] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8487] <... openat resumed>) = 4 [pid 8487] ioctl(4, LOOP_SET_FD, 3 [pid 8486] mount("/dev/loop2", "./file1", "exfat", 0, ""./strace-static-x86_64: Process 8488 attached [pid 8483] <... openat resumed>) = 3 [pid 8488] set_robust_list(0x55556b85b6a0, 24 [pid 8483] chdir("./file1" [pid 8488] <... set_robust_list resumed>) = 0 [pid 8483] <... chdir resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8488 [ 211.917641][ T8483] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 211.932825][ T8482] exFAT-fs (loop3): error, data size is invalid(9000) [ 211.943484][ T8486] loop2: detected capacity change from 0 to 256 [ 211.957815][ T8482] exFAT-fs (loop3): Filesystem has been set read-only [pid 8488] chdir("./231" [pid 8483] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8482] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8488] <... chdir resumed>) = 0 [pid 8483] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8488] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8483] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8488] <... prctl resumed>) = 0 [pid 8483] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8488] setpgid(0, 0 [pid 8481] <... futex resumed>) = 0 [pid 8488] <... setpgid resumed>) = 0 [pid 8482] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8481] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8480] <... futex resumed>) = ? [pid 8488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8483] <... futex resumed>) = 0 [pid 8482] +++ killed by SIGSEGV +++ [pid 8481] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8483] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8488] <... openat resumed>) = 3 [pid 8480] +++ killed by SIGSEGV +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8480, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8488] write(3, "1000", 4 [pid 8483] <... openat resumed>) = 4 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5833] umount2("./230", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8487] <... ioctl resumed>) = 0 [pid 8487] close(3 [pid 8483] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8488] <... write resumed>) = 4 [pid 8488] close(3 [pid 8487] <... close resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, [pid 8488] <... close resumed>) = 0 [pid 8483] <... futex resumed>) = 1 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8487] close(4 [pid 8488] symlink("/dev/binderfs", "./binderfs" [pid 8483] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8488] <... symlink resumed>) = 0 [pid 8487] <... close resumed>) = 0 [pid 5833] umount2("./230/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8488] write(1, "executing program\n", 18 [pid 8481] <... futex resumed>) = 0 executing program [ 211.975769][ T8487] loop4: detected capacity change from 0 to 256 [pid 8488] <... write resumed>) = 18 [pid 8487] mkdir("./file1", 0777 [pid 8481] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8488] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8481] <... futex resumed>) = 1 [pid 8488] <... futex resumed>) = 0 [pid 8483] <... futex resumed>) = 0 [pid 8481] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8488] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8483] mkdir("./file2", 0777 [pid 8487] <... mkdir resumed>) = 0 [pid 8488] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8488] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8487] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] <... umount2 resumed>) = 0 [pid 8488] <... mmap resumed>) = 0x7f300ac28000 [pid 5833] umount2("./230/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8488] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./230/file1", [pid 8488] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8488] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] umount2("./230/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8489 attached [pid 5833] openat(AT_FDCWD, "./230/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8489] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8488] <... clone3 resumed> => {parent_tid=[8489]}, 88) = 8489 [pid 5833] <... openat resumed>) = 4 [pid 8489] <... rseq resumed>) = 0 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, [pid 8489] set_robust_list(0x7f300ac489a0, 24 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8489] <... set_robust_list resumed>) = 0 [pid 8488] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] close(4 [pid 8489] rt_sigprocmask(SIG_SETMASK, [], [pid 8488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./230/file1" [pid 8489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8488] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... rmdir resumed>) = 0 [pid 5833] umount2("./230/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8489] memfd_create("syzkaller", 0 [pid 8488] <... futex resumed>) = 0 [pid 8489] <... memfd_create resumed>) = 3 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./230/binderfs", [pid 8489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8488] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8489] <... mmap resumed>) = 0x7f3002800000 [pid 5833] unlink("./230/binderfs") = 0 [pid 8486] <... mount resumed>) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8489] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] close(3) = 0 [pid 5833] rmdir("./230") = 0 [pid 8486] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] mkdir("./231", 0777 [pid 8486] <... openat resumed>) = 3 [pid 5833] <... mkdir resumed>) = 0 [pid 8486] chdir("./file1") = 0 [pid 8486] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8486] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... openat resumed>) = 3 [pid 8489] <... write resumed>) = 131072 [pid 8481] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8481] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8486] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8486] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8484] <... futex resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8484] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... ioctl resumed>) = 0 [pid 8486] <... futex resumed>) = 0 [pid 8484] <... futex resumed>) = 1 [pid 5833] close(3 [pid 8486] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8484] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... close resumed>) = 0 [ 212.025137][ T8486] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 212.040424][ T8483] exFAT-fs (loop1): error, data size is invalid(9000) [ 212.047235][ T8483] exFAT-fs (loop1): Filesystem has been set read-only [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8490 attached [pid 8490] set_robust_list(0x55556b85b6a0, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8490 [pid 8490] <... set_robust_list resumed>) = 0 [pid 8490] chdir("./231" [pid 8481] <... mmap resumed>) = 0x7f300ac07000 [pid 8490] <... chdir resumed>) = 0 [pid 8489] munmap(0x7f3002800000, 138412032 [pid 8486] <... openat resumed>) = 4 [pid 8483] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8481] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8486] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8481] <... mprotect resumed>) = 0 [pid 8483] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8486] <... futex resumed>) = 1 [pid 8486] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8489] <... munmap resumed>) = 0 [pid 8484] <... futex resumed>) = 0 [pid 8490] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8484] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8490] <... prctl resumed>) = 0 [pid 8486] <... futex resumed>) = 0 [pid 8484] <... futex resumed>) = 1 [pid 8490] setpgid(0, 0 [pid 8486] mkdir("./file2", 0777 [pid 8484] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8490] <... setpgid resumed>) = 0 [pid 8489] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8483] +++ killed by SIGSEGV +++ [pid 8490] <... openat resumed>) = 3 [pid 8490] write(3, "1000", 4) = 4 [pid 8490] close(3 [pid 8489] <... openat resumed>) = 4 [pid 8481] +++ killed by SIGSEGV +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8481, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8489] ioctl(4, LOOP_SET_FD, 3 [pid 8490] <... close resumed>) = 0 [pid 8490] symlink("/dev/binderfs", "./binderfs" [pid 5831] umount2("./232", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8490] <... symlink resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 8490] write(1, "executing program\n", 18) = 18 [pid 8490] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8490] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8490] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8487] <... mount resumed>) = 0 [pid 8490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8487] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8490] <... mmap resumed>) = 0x7f300ac28000 [pid 8487] <... openat resumed>) = 3 [pid 8490] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [ 212.111193][ T8487] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 212.127710][ T8486] exFAT-fs (loop2): error, data size is invalid(9000) [ 212.151306][ T8489] loop0: detected capacity change from 0 to 256 [pid 8487] chdir("./file1" [pid 8490] <... mprotect resumed>) = 0 [pid 8487] <... chdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8487] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... openat resumed>) = 3 [pid 8487] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8490] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8487] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8485] <... futex resumed>) = 0 [pid 8485] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8485] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8490] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8487] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8490] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8491]}, 88) = 8491 [pid 8490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8490] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8490] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8491 attached [pid 8487] <... openat resumed>) = 4 [pid 5831] newfstatat(3, "", [pid 8487] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8485] <... futex resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8485] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] getdents64(3, [pid 8487] mkdir("./file2", 0777 [pid 8485] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8491] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8484] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8491] <... rseq resumed>) = 0 [pid 8484] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] umount2("./232/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8491] set_robust_list(0x7f300ac489a0, 24 [pid 8486] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8484] <... futex resumed>) = 0 [pid 8486] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8491] <... set_robust_list resumed>) = 0 [pid 8484] <... mmap resumed>) = ? [pid 8491] rt_sigprocmask(SIG_SETMASK, [], [pid 8486] +++ killed by SIGSEGV +++ [pid 8484] +++ killed by SIGSEGV +++ [pid 8491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8489] <... ioctl resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8484, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5832] umount2("./225", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8491] memfd_create("syzkaller", 0 [pid 8489] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8491] <... memfd_create resumed>) = 3 [pid 8489] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... umount2 resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] umount2("./232/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(3, "", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] newfstatat(AT_FDCWD, "./232/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] getdents64(3, [pid 5831] umount2("./232/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./225/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./232/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8489] close(4 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 8489] <... close resumed>) = 0 [pid 8491] <... mmap resumed>) = 0x7f3002800000 [pid 8489] mkdir("./file1", 0777 [pid 5832] umount2("./225/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(4, "", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] newfstatat(AT_FDCWD, "./225/file1", [pid 5831] getdents64(4, [pid 8489] <... mkdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] umount2("./225/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(4, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] openat(AT_FDCWD, "./225/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] close(4 [pid 8491] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8489] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5832] <... openat resumed>) = 4 [pid 5831] <... close resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 5831] rmdir("./232/file1" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5832] getdents64(4, [pid 5831] umount2("./232/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] newfstatat(AT_FDCWD, "./232/binderfs", [pid 5832] close(4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8491] <... write resumed>) = 131072 [pid 5832] <... close resumed>) = 0 [ 212.156831][ T8486] exFAT-fs (loop2): Filesystem has been set read-only [ 212.178438][ T8487] exFAT-fs (loop4): error, data size is invalid(9000) [pid 5831] unlink("./232/binderfs" [pid 8491] munmap(0x7f3002800000, 138412032 [pid 5832] rmdir("./225/file1" [pid 5831] <... unlink resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] getdents64(3, [pid 8491] <... munmap resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5832] umount2("./225/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] rmdir("./232" [pid 5832] newfstatat(AT_FDCWD, "./225/binderfs", [pid 5831] <... rmdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] mkdir("./233", 0777 [pid 5832] unlink("./225/binderfs" [pid 5831] <... mkdir resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] getdents64(3, [pid 5831] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5832] close(3 [pid 5831] <... ioctl resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] close(3 [pid 5832] rmdir("./225" [pid 5831] <... close resumed>) = 0 [pid 8485] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] <... rmdir resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8485] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8485] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 8492 attached [pid 8485] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8492 [pid 8492] set_robust_list(0x55556b85b6a0, 24 [pid 8485] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] mkdir("./226", 0777 [pid 8492] <... set_robust_list resumed>) = 0 [pid 8485] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5832] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8493 attached [pid 8492] chdir("./233" [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8492] <... chdir resumed>) = 0 [pid 8485] <... clone3 resumed> => {parent_tid=[8493]}, 88) = 8493 [pid 5832] <... openat resumed>) = 3 [pid 8492] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8485] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8493] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8492] <... prctl resumed>) = 0 [pid 8485] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 8493] <... rseq resumed>) = 0 [pid 8492] setpgid(0, 0 [pid 8485] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] close(3 [pid 8493] set_robust_list(0x7f300ac279a0, 24 [pid 8492] <... setpgid resumed>) = 0 [pid 8485] <... futex resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 8493] <... set_robust_list resumed>) = 0 [pid 8492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8485] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8493] rt_sigprocmask(SIG_SETMASK, [], [pid 8492] <... openat resumed>) = 3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8492] write(3, "1000", 4 [pid 8493] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080) = 0 [pid 8492] <... write resumed>) = 4 [pid 8487] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8492] close(3) = 0 [pid 8493] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8492] symlink("/dev/binderfs", "./binderfs" [pid 8487] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8494 ./strace-static-x86_64: Process 8494 attached [pid 8493] <... futex resumed>) = ? [pid 8492] <... symlink resumed>) = 0 [pid 8491] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8485] <... futex resumed>) = ? [pid 8493] +++ killed by SIGSEGV +++ [pid 8491] <... openat resumed>) = 4 [ 212.216698][ T8487] exFAT-fs (loop4): Filesystem has been set read-only [ 212.246401][ T8489] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8494] set_robust_list(0x55556b85b6a0, 24 [pid 8491] ioctl(4, LOOP_SET_FD, 3 [pid 8492] write(1, "executing program\n", 18executing program [pid 8487] +++ killed by SIGSEGV +++ [pid 8485] +++ killed by SIGSEGV +++ [pid 8492] <... write resumed>) = 18 [pid 8492] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8492] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8485, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8492] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 8494] <... set_robust_list resumed>) = 0 [pid 8492] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... restart_syscall resumed>) = 0 [pid 8494] chdir("./226") = 0 [pid 8492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8494] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8492] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] umount2("./229", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8492] <... mprotect resumed>) = 0 [pid 8494] <... prctl resumed>) = 0 [pid 8492] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8494] setpgid(0, 0 [pid 8492] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8491] <... ioctl resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8494] <... setpgid resumed>) = 0 [pid 8492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] <... openat resumed>) = 3 [pid 8494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] newfstatat(3, "", [pid 8492] <... clone3 resumed> => {parent_tid=[8495]}, 88) = 8495 [pid 8494] <... openat resumed>) = 3 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8494] write(3, "1000", 4) = 4 [pid 5834] getdents64(3, [pid 8494] close(3./strace-static-x86_64: Process 8495 attached ) = 0 [pid 8492] rt_sigprocmask(SIG_SETMASK, [], [pid 8491] close(3 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8494] symlink("/dev/binderfs", "./binderfs" [pid 8491] <... close resumed>) = 0 [pid 5834] umount2("./229/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8492] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8492] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8491] close(4 [pid 8494] <... symlink resumed>) = 0 [pid 8492] <... futex resumed>) = 0 [pid 8491] <... close resumed>) = 0 [pid 8495] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8492] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8491] mkdir("./file1", 0777 [pid 5834] <... umount2 resumed>) = 0 [pid 8495] <... rseq resumed>) = 0 [pid 8495] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8495] rt_sigprocmask(SIG_SETMASK, [], [pid 8491] <... mkdir resumed>) = 0 [pid 5834] umount2("./229/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 8495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8494] write(1, "executing program\n", 18 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8494] <... write resumed>) = 18 [pid 8491] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8489] <... mount resumed>) = 0 [pid 8495] memfd_create("syzkaller", 0 [pid 8494] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8489] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] newfstatat(AT_FDCWD, "./229/file1", [pid 8495] <... memfd_create resumed>) = 3 [pid 8495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8489] <... openat resumed>) = 3 [pid 8495] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8494] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8489] chdir("./file1" [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8494] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8489] <... chdir resumed>) = 0 [pid 5834] umount2("./229/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8494] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8489] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8489] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] openat(AT_FDCWD, "./229/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [ 212.269406][ T8491] loop3: detected capacity change from 0 to 256 [pid 8489] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8495] <... write resumed>) = 131072 [pid 8494] <... mmap resumed>) = 0x7f300ac28000 [pid 8489] <... futex resumed>) = 1 [pid 8488] <... futex resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 8488] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] newfstatat(4, "", [pid 8494] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8489] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8488] <... futex resumed>) = 0 [pid 8488] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8494] <... mprotect resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8495] munmap(0x7f3002800000, 138412032 [pid 5834] getdents64(4, [pid 8495] <... munmap resumed>) = 0 [pid 8494] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8489] <... openat resumed>) = 4 [pid 8495] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8494] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8489] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8495] <... openat resumed>) = 4 [pid 8494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8489] <... futex resumed>) = 1 [pid 8488] <... futex resumed>) = 0 [pid 5834] getdents64(4, [pid 8495] ioctl(4, LOOP_SET_FD, 3 [pid 8488] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8496 attached [pid 8494] <... clone3 resumed> => {parent_tid=[8496]}, 88) = 8496 [pid 8489] mkdir("./file2", 0777 [pid 8488] <... futex resumed>) = 0 [pid 8496] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8496] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8488] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] close(4 [pid 8496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8496] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8494] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... close resumed>) = 0 [pid 8495] <... ioctl resumed>) = 0 [pid 8495] close(3) = 0 [pid 8495] close(4) = 0 [pid 8495] mkdir("./file1", 0777) = 0 [pid 8494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] rmdir("./229/file1" [pid 8494] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8496] <... futex resumed>) = 0 [pid 8495] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8494] <... futex resumed>) = 1 [pid 5834] <... rmdir resumed>) = 0 [pid 8496] memfd_create("syzkaller", 0 [pid 8494] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] umount2("./229/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8496] <... memfd_create resumed>) = 3 [pid 8496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8496] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] newfstatat(AT_FDCWD, "./229/binderfs", [pid 8496] <... write resumed>) = 131072 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 212.342988][ T8495] loop1: detected capacity change from 0 to 256 [ 212.350366][ T8491] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 212.363101][ T8489] exFAT-fs (loop0): error, data size is invalid(9000) [pid 8496] munmap(0x7f3002800000, 138412032) = 0 [pid 5834] unlink("./229/binderfs" [pid 8491] <... mount resumed>) = 0 [pid 8489] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8488] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... unlink resumed>) = 0 [pid 8491] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8489] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] getdents64(3, [pid 8491] <... openat resumed>) = 3 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8491] chdir("./file1" [pid 5834] close(3 [pid 8496] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8489] +++ killed by SIGSEGV +++ [pid 8488] +++ killed by SIGSEGV +++ [pid 5834] <... close resumed>) = 0 [pid 8496] <... openat resumed>) = 4 [pid 8491] <... chdir resumed>) = 0 [pid 5834] rmdir("./229" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8488, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8496] ioctl(4, LOOP_SET_FD, 3 [pid 8491] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] <... rmdir resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8491] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] mkdir("./230", 0777 [pid 5830] <... restart_syscall resumed>) = 0 [pid 8491] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... mkdir resumed>) = 0 [pid 8491] <... futex resumed>) = 1 [pid 8490] <... futex resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] umount2("./231", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8491] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8490] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8490] <... futex resumed>) = 0 [pid 8496] <... ioctl resumed>) = 0 [pid 8490] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... openat resumed>) = 3 [pid 8496] close(3 [pid 8495] <... mount resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 8496] <... close resumed>) = 0 [pid 8496] close(4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8496] <... close resumed>) = 0 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5830] getdents64(3, [pid 8496] mkdir("./file1", 0777 [pid 8495] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] <... ioctl resumed>) = 0 [pid 8496] <... mkdir resumed>) = 0 [pid 8491] <... openat resumed>) = 4 [pid 5834] close(3 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8496] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8495] <... openat resumed>) = 3 [pid 5834] <... close resumed>) = 0 [ 212.389101][ T8489] exFAT-fs (loop0): Filesystem has been set read-only [ 212.405140][ T8495] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 212.432843][ T8496] loop2: detected capacity change from 0 to 256 [pid 5830] umount2("./231/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8495] chdir("./file1" [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8495] <... chdir resumed>) = 0 [pid 8495] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8495] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8492] <... futex resumed>) = 0 [pid 8495] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8492] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8495] <... openat resumed>) = 4 [pid 8492] <... futex resumed>) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8497 [pid 8492] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8497 attached [pid 8495] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8492] <... futex resumed>) = 0 [pid 8492] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8492] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8497] set_robust_list(0x55556b85b6a0, 24 [pid 8495] mkdir("./file2", 0777 [pid 8491] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8497] <... set_robust_list resumed>) = 0 [pid 8491] <... futex resumed>) = 1 [pid 8490] <... futex resumed>) = 0 [pid 8497] chdir("./230") = 0 [pid 8491] mkdir("./file2", 0777 [pid 8490] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8497] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8490] <... futex resumed>) = 0 [pid 8497] <... prctl resumed>) = 0 [pid 8497] setpgid(0, 0) = 0 [pid 8490] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... umount2 resumed>) = 0 [pid 8497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] umount2("./231/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8497] <... openat resumed>) = 3 [pid 5830] newfstatat(AT_FDCWD, "./231/file1", [pid 8497] write(3, "1000", 4 [pid 8492] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8497] <... write resumed>) = 4 [pid 8492] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8497] close(3 [pid 8492] <... futex resumed>) = 0 [pid 8497] <... close resumed>) = 0 [ 212.487466][ T8495] exFAT-fs (loop1): error, data size is invalid(9000) [ 212.498357][ T8491] exFAT-fs (loop3): error, data size is invalid(9000) [ 212.521693][ T8496] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8497] symlink("/dev/binderfs", "./binderfs" [pid 8492] <... mmap resumed>) = 0x7f300ac07000 [pid 8497] <... symlink resumed>) = 0 [pid 8492] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8492] <... mprotect resumed>) = 0 [pid 5830] umount2("./231/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8497] write(1, "executing program\n", 18 [pid 8492] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 8497] <... write resumed>) = 18 [pid 8492] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] openat(AT_FDCWD, "./231/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8497] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8491] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5830] <... openat resumed>) = 4 [pid 8497] <... futex resumed>) = 0 [pid 5830] newfstatat(4, "", ./strace-static-x86_64: Process 8498 attached [pid 8497] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8492] <... clone3 resumed> => {parent_tid=[8498]}, 88) = 8498 [pid 8491] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8498] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8497] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8492] rt_sigprocmask(SIG_SETMASK, [], [pid 8490] <... futex resumed>) = ? [pid 5830] getdents64(4, [pid 8497] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8492] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8497] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8492] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] getdents64(4, [pid 8497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8492] <... futex resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8498] <... rseq resumed>) = 0 [pid 8497] <... mmap resumed>) = 0x7f300ac28000 [pid 8492] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8491] +++ killed by SIGSEGV +++ [pid 8490] +++ killed by SIGSEGV +++ [pid 5830] close(4 [pid 8498] set_robust_list(0x7f300ac279a0, 24 [pid 8497] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5830] <... close resumed>) = 0 [pid 8498] <... set_robust_list resumed>) = 0 [pid 5830] rmdir("./231/file1" [pid 8498] rt_sigprocmask(SIG_SETMASK, [], [pid 8497] <... mprotect resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8490, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8498] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8497] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... rmdir resumed>) = 0 [pid 8497] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] <... restart_syscall resumed>) = 0 [pid 8497] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8499 attached [pid 8498] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5830] umount2("./231/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8499] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8497] <... clone3 resumed> => {parent_tid=[8499]}, 88) = 8499 [pid 5833] umount2("./231", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8499] <... rseq resumed>) = 0 [pid 8498] <... ioctl resumed>) = 0 [pid 8497] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8499] set_robust_list(0x7f300ac489a0, 24 [pid 8498] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8497] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] newfstatat(AT_FDCWD, "./231/binderfs", [pid 8499] <... set_robust_list resumed>) = 0 [pid 8498] <... futex resumed>) = 1 [pid 8497] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8492] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 8499] rt_sigprocmask(SIG_SETMASK, [], [pid 8498] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8497] <... futex resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8497] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8496] <... mount resumed>) = 0 [pid 5833] umount2("./231/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8499] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 212.534814][ T8491] exFAT-fs (loop3): Filesystem has been set read-only [ 212.538393][ T8495] exFAT-fs (loop1): Filesystem has been set read-only [pid 5833] <... umount2 resumed>) = 0 [pid 5830] unlink("./231/binderfs" [pid 8499] memfd_create("syzkaller", 0 [pid 8496] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8495] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5830] <... unlink resumed>) = 0 [pid 8499] <... memfd_create resumed>) = 3 [pid 8495] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8498] <... futex resumed>) = ? [pid 8496] <... openat resumed>) = 3 [pid 5833] umount2("./231/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 8499] <... mmap resumed>) = 0x7f3002800000 [pid 8498] +++ killed by SIGSEGV +++ [pid 8496] chdir("./file1" [pid 8495] +++ killed by SIGSEGV +++ [pid 8492] +++ killed by SIGSEGV +++ [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8499] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8496] <... chdir resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./231/file1", [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8492, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5830] close(3 [pid 8496] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8496] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] umount2("./231/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8499] <... write resumed>) = 131072 [pid 8496] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8499] munmap(0x7f3002800000, 138412032 [pid 8496] <... futex resumed>) = 1 [pid 8494] <... futex resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./231/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... restart_syscall resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8499] <... munmap resumed>) = 0 [pid 8494] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... openat resumed>) = 4 [pid 8499] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8494] <... futex resumed>) = 0 [pid 5833] newfstatat(4, "", [pid 5830] rmdir("./231" [pid 8499] <... openat resumed>) = 4 [pid 8494] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./233", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8499] ioctl(4, LOOP_SET_FD, 3 [pid 8496] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5833] getdents64(4, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... rmdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] <... openat resumed>) = 3 [pid 5833] getdents64(4, [pid 5831] newfstatat(3, "", [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8496] <... openat resumed>) = 4 [pid 5833] close(4 [pid 5831] getdents64(3, [pid 5833] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] rmdir("./231/file1" [pid 5831] umount2("./233/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... rmdir resumed>) = 0 [pid 8496] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] umount2("./231/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8496] <... futex resumed>) = 1 [pid 8494] <... futex resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] mkdir("./232", 0777 [pid 8494] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(AT_FDCWD, "./231/binderfs", [pid 8494] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8494] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] unlink("./231/binderfs") = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./231") = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] mkdir("./232", 0777 [pid 8496] mkdir("./file2", 0777 [pid 5833] <... mkdir resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5833] <... openat resumed>) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8500 attached [pid 8499] <... ioctl resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 8499] close(3 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8500 [pid 5830] close(3 [pid 8500] set_robust_list(0x55556b85b6a0, 24 [pid 8499] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8499] close(4 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8500] <... set_robust_list resumed>) = 0 [pid 8499] <... close resumed>) = 0 [pid 8500] chdir("./232"./strace-static-x86_64: Process 8501 attached ) = 0 [pid 8499] mkdir("./file1", 0777 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8501 [pid 8500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8499] <... mkdir resumed>) = 0 [pid 8501] set_robust_list(0x55556b85b6a0, 24 [pid 8500] setpgid(0, 0 [pid 8499] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./233/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./233/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./233/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./233/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8500] <... setpgid resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 8501] <... set_robust_list resumed>) = 0 [pid 8500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8494] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] close(4 [pid 8501] chdir("./232" [pid 8500] <... openat resumed>) = 3 [pid 8494] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./233/file1" [pid 8494] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] <... rmdir resumed>) = 0 [pid 8494] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] umount2("./233/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8494] <... futex resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] newfstatat(AT_FDCWD, "./233/binderfs", [pid 8501] <... chdir resumed>) = 0 [pid 8494] <... mmap resumed>) = 0x7f300ac07000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8494] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5831] unlink("./233/binderfs" [pid 8494] <... mprotect resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 8500] write(3, "1000", 4 [pid 8494] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] getdents64(3, [pid 8501] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8500] <... write resumed>) = 4 [pid 8494] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8501] <... prctl resumed>) = 0 [pid 8501] setpgid(0, 0 [pid 8500] close(3 [pid 8494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5831] close(3 [pid 8501] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 8502 attached [pid 8501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8500] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 executing program [pid 8502] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8500] symlink("/dev/binderfs", "./binderfs" [pid 8494] <... clone3 resumed> => {parent_tid=[8502]}, 88) = 8502 [pid 5831] rmdir("./233" [pid 8502] <... rseq resumed>) = 0 [pid 8500] <... symlink resumed>) = 0 [pid 8494] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... rmdir resumed>) = 0 [pid 8502] set_robust_list(0x7f300ac279a0, 24 [pid 8500] write(1, "executing program\n", 18 [pid 8494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8502] <... set_robust_list resumed>) = 0 [pid 8500] <... write resumed>) = 18 [pid 8494] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8502] rt_sigprocmask(SIG_SETMASK, [], [pid 8501] <... openat resumed>) = 3 [pid 8500] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8494] <... futex resumed>) = 0 [pid 8502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8501] write(3, "1000", 4 [pid 8500] <... futex resumed>) = 0 [pid 8494] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] mkdir("./234", 0777 [pid 8502] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8501] <... write resumed>) = 4 [pid 8500] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5831] <... mkdir resumed>) = 0 [ 212.639336][ T8499] loop4: detected capacity change from 0 to 256 [ 212.651976][ T8496] exFAT-fs (loop2): error, data size is invalid(9000) [ 212.678682][ T8496] exFAT-fs (loop2): Filesystem has been set read-only [pid 8502] <... ioctl resumed>) = 0 [pid 8501] close(3 [pid 8500] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8502] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8501] <... close resumed>) = 0 executing program [pid 8502] <... futex resumed>) = 1 [pid 8501] symlink("/dev/binderfs", "./binderfs" [pid 8500] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8494] <... futex resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8502] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8501] <... symlink resumed>) = 0 [pid 8500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8501] write(1, "executing program\n", 18 [pid 8500] <... mmap resumed>) = 0x7f300ac28000 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8501] <... write resumed>) = 18 [pid 8500] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8496] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8501] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8500] <... mprotect resumed>) = 0 [pid 8496] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] <... ioctl resumed>) = 0 [pid 8502] <... futex resumed>) = ? [pid 8501] <... futex resumed>) = 0 [pid 8500] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8502] +++ killed by SIGSEGV +++ [pid 8501] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8496] +++ killed by SIGSEGV +++ [pid 8494] +++ killed by SIGSEGV +++ [pid 5831] close(3 [pid 8501] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8500] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8494, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] <... close resumed>) = 0 [pid 8501] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8500] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8504 attached ./strace-static-x86_64: Process 8503 attached [pid 5832] <... restart_syscall resumed>) = 0 [pid 8504] set_robust_list(0x55556b85b6a0, 24 [pid 8503] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8500] <... clone3 resumed> => {parent_tid=[8503]}, 88) = 8503 [pid 8504] <... set_robust_list resumed>) = 0 [pid 8503] <... rseq resumed>) = 0 [pid 8501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8500] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] umount2("./226", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8504 [pid 8501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8503] set_robust_list(0x7f300ac489a0, 24 [pid 8501] <... mmap resumed>) = 0x7f300ac28000 [pid 8500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8504] chdir("./234" [pid 8503] <... set_robust_list resumed>) = 0 [pid 8500] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8504] <... chdir resumed>) = 0 [pid 8503] rt_sigprocmask(SIG_SETMASK, [], [pid 8500] <... futex resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 8504] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8503] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8500] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] newfstatat(3, "", [pid 8504] <... prctl resumed>) = 0 [pid 8503] memfd_create("syzkaller", 0 [pid 8501] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8504] setpgid(0, 0 [pid 8503] <... memfd_create resumed>) = 3 [pid 8501] <... mprotect resumed>) = 0 [pid 8504] <... setpgid resumed>) = 0 [pid 8504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] getdents64(3, [pid 8504] write(3, "1000", 4 [pid 8503] <... mmap resumed>) = 0x7f3002800000 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8504] <... write resumed>) = 4 [pid 8503] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8501] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] umount2("./226/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8504] close(3) = 0 [pid 8501] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8504] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}executing program ./strace-static-x86_64: Process 8505 attached [pid 8504] write(1, "executing program\n", 18 [pid 8503] <... write resumed>) = 131072 [pid 5832] <... umount2 resumed>) = 0 [pid 8505] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8504] <... write resumed>) = 18 [pid 8505] <... rseq resumed>) = 0 [pid 8504] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8505] set_robust_list(0x7f300ac489a0, 24 [pid 8501] <... clone3 resumed> => {parent_tid=[8505]}, 88) = 8505 [pid 8505] <... set_robust_list resumed>) = 0 [pid 8504] <... futex resumed>) = 0 [pid 8503] munmap(0x7f3002800000, 138412032 [pid 8501] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] umount2("./226/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8505] rt_sigprocmask(SIG_SETMASK, [], [pid 8504] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8504] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8503] <... munmap resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./226/file1", [pid 8504] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] umount2("./226/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8504] <... mmap resumed>) = 0x7f300ac28000 [pid 8503] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8504] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8503] <... openat resumed>) = 4 [ 212.739613][ T8499] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5832] openat(AT_FDCWD, "./226/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8504] <... mprotect resumed>) = 0 [pid 8503] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... openat resumed>) = 4 [pid 8505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8504] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] newfstatat(4, "", [pid 8505] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8501] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8501] <... futex resumed>) = 0 [pid 8504] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8505] memfd_create("syzkaller", 0 [pid 8504] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8506]}, 88) = 8506 ./strace-static-x86_64: Process 8506 attached [pid 8505] <... memfd_create resumed>) = 3 [pid 8504] rt_sigprocmask(SIG_SETMASK, [], [pid 8501] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8499] <... mount resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8499] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8505] <... mmap resumed>) = 0x7f3002800000 [pid 8504] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8504] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8506] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8504] <... futex resumed>) = 0 [pid 8499] <... openat resumed>) = 3 [pid 5832] getdents64(4, [pid 8506] <... rseq resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8506] set_robust_list(0x7f300ac489a0, 24 [pid 5832] getdents64(4, [pid 8506] <... set_robust_list resumed>) = 0 [pid 8505] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8504] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8499] chdir("./file1" [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8506] rt_sigprocmask(SIG_SETMASK, [], [pid 8499] <... chdir resumed>) = 0 [pid 5832] close(4 [pid 8506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... close resumed>) = 0 [pid 8506] memfd_create("syzkaller", 0 [pid 8499] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] rmdir("./226/file1" [pid 8506] <... memfd_create resumed>) = 3 [pid 8499] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... rmdir resumed>) = 0 [pid 8499] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8499] <... futex resumed>) = 1 [pid 8497] <... futex resumed>) = 0 [pid 5832] umount2("./226/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8499] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8506] <... mmap resumed>) = 0x7f3002800000 [pid 8497] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8506] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8505] <... write resumed>) = 131072 [pid 8499] <... futex resumed>) = 0 [pid 8497] <... futex resumed>) = 1 [pid 5832] newfstatat(AT_FDCWD, "./226/binderfs", [pid 8499] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8497] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8506] <... write resumed>) = 131072 [pid 8499] <... openat resumed>) = 4 [pid 5832] unlink("./226/binderfs" [pid 8505] munmap(0x7f3002800000, 138412032 [pid 8499] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8497] <... futex resumed>) = 0 [pid 8499] <... futex resumed>) = 1 [pid 8497] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8499] mkdir("./file2", 0777 [pid 8497] <... futex resumed>) = 0 [ 212.788509][ T8503] loop3: detected capacity change from 0 to 256 [pid 8506] munmap(0x7f3002800000, 138412032 [pid 8505] <... munmap resumed>) = 0 [pid 8503] <... ioctl resumed>) = 0 [pid 8497] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... unlink resumed>) = 0 [pid 8506] <... munmap resumed>) = 0 [pid 5832] getdents64(3, [pid 8503] close(3 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8503] <... close resumed>) = 0 [pid 5832] close(3) = 0 [pid 8503] close(4 [pid 5832] rmdir("./226" [pid 8505] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8503] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 8503] mkdir("./file1", 0777 [pid 5832] mkdir("./227", 0777 [pid 8503] <... mkdir resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 8503] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8505] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8507 attached [pid 8507] set_robust_list(0x55556b85b6a0, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8507 [pid 8507] <... set_robust_list resumed>) = 0 [pid 8507] chdir("./227") = 0 [pid 8507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8507] setpgid(0, 0) = 0 [pid 8507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8506] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8505] ioctl(4, LOOP_SET_FD, 3 [pid 8507] write(3, "1000", 4) = 4 [pid 8507] close(3) = 0 [pid 8507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8506] ioctl(4, LOOP_SET_FD, 3executing program [pid 8507] write(1, "executing program\n", 18) = 18 [pid 8507] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8507] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8507] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8507] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8508 attached [pid 8499] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8499] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8508] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8508] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8508] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8507] <... clone3 resumed> => {parent_tid=[8508]}, 88) = 8508 [pid 8507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8507] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8508] <... futex resumed>) = 0 [pid 8507] <... futex resumed>) = 1 [pid 8508] memfd_create("syzkaller", 0 [pid 8507] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8497] <... futex resumed>) = ? [pid 8508] <... memfd_create resumed>) = 3 [pid 8499] +++ killed by SIGSEGV +++ [pid 8508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8506] <... ioctl resumed>) = 0 [pid 8497] +++ killed by SIGSEGV +++ [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8497, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8508] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8506] close(3) = 0 [pid 5834] umount2("./230", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8506] close(4 [pid 8508] <... write resumed>) = 131072 [pid 8506] <... close resumed>) = 0 [pid 8505] <... ioctl resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 8506] mkdir("./file1", 0777 [pid 8505] close(3 [pid 5834] newfstatat(3, "", [pid 8506] <... mkdir resumed>) = 0 [pid 8505] <... close resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8506] mount("/dev/loop1", "./file1", "exfat", 0, "" [ 212.831048][ T8499] exFAT-fs (loop4): error, data size is invalid(9000) [ 212.839837][ T8499] exFAT-fs (loop4): Filesystem has been set read-only [ 212.866569][ T8506] loop1: detected capacity change from 0 to 256 [ 212.871858][ T8505] loop0: detected capacity change from 0 to 256 [pid 8508] munmap(0x7f3002800000, 138412032 [pid 8505] close(4 [pid 5834] getdents64(3, [pid 8508] <... munmap resumed>) = 0 [pid 8508] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8505] <... close resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] umount2("./230/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8505] mkdir("./file1", 0777) = 0 [pid 5834] <... umount2 resumed>) = 0 [pid 5834] umount2("./230/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8505] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8503] <... mount resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./230/file1", [pid 8503] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8503] <... openat resumed>) = 3 [pid 5834] umount2("./230/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8503] chdir("./file1" [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8503] <... chdir resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./230/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8503] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5834] <... openat resumed>) = 4 [pid 5834] newfstatat(4, "", [ 212.912890][ T8503] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8503] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8508] <... openat resumed>) = 4 [pid 8503] <... futex resumed>) = 1 [pid 8500] <... futex resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8508] ioctl(4, LOOP_SET_FD, 3 [pid 8500] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] getdents64(4, [pid 8500] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8503] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5834] getdents64(4, [pid 8508] <... ioctl resumed>) = 0 [pid 8506] <... mount resumed>) = 0 [pid 8505] <... mount resumed>) = 0 [pid 8503] <... openat resumed>) = 4 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8503] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] close(4 [pid 8503] <... futex resumed>) = 1 [pid 8500] <... futex resumed>) = 0 [pid 8503] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8500] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... close resumed>) = 0 [pid 8508] close(3 [pid 8505] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8503] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 212.965170][ T8506] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 212.969910][ T8505] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 212.979226][ T8508] loop2: detected capacity change from 0 to 256 [pid 8500] <... futex resumed>) = 0 [pid 5834] rmdir("./230/file1" [pid 8508] <... close resumed>) = 0 [pid 8506] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8505] <... openat resumed>) = 3 [pid 8503] mkdir("./file2", 0777 [pid 8500] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8508] close(4 [pid 8506] <... openat resumed>) = 3 [pid 8505] chdir("./file1" [pid 5834] <... rmdir resumed>) = 0 [pid 8505] <... chdir resumed>) = 0 [pid 8505] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5834] umount2("./230/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8508] <... close resumed>) = 0 [pid 8506] chdir("./file1" [pid 8505] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8508] mkdir("./file1", 0777 [pid 8506] <... chdir resumed>) = 0 [pid 8505] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] newfstatat(AT_FDCWD, "./230/binderfs", [pid 8508] <... mkdir resumed>) = 0 [pid 8506] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8505] <... futex resumed>) = 1 [pid 8501] <... futex resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8508] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8506] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8505] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8501] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8506] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8501] <... futex resumed>) = 0 [pid 5834] unlink("./230/binderfs" [pid 8505] <... openat resumed>) = 4 [pid 8506] <... futex resumed>) = 1 [pid 8505] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8501] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8504] <... futex resumed>) = 0 [pid 5834] <... unlink resumed>) = 0 [pid 8504] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] getdents64(3, [pid 8504] <... futex resumed>) = 0 [pid 8506] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8505] <... futex resumed>) = 0 [pid 8504] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8505] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8501] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] close(3 [pid 8506] <... openat resumed>) = 4 [pid 8505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8501] <... futex resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 8505] mkdir("./file2", 0777 [pid 8501] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] rmdir("./230" [pid 8506] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8506] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8504] <... futex resumed>) = 0 [ 213.020095][ T8503] exFAT-fs (loop3): error, data size is invalid(9000) [ 213.026969][ T8503] exFAT-fs (loop3): Filesystem has been set read-only [ 213.050891][ T8505] exFAT-fs (loop0): error, data size is invalid(9000) [ 213.057812][ T8505] exFAT-fs (loop0): Filesystem has been set read-only [pid 8504] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8506] <... futex resumed>) = 0 [pid 8504] <... futex resumed>) = 1 [pid 8506] mkdir("./file2", 0777 [pid 8504] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... rmdir resumed>) = 0 [pid 5834] mkdir("./231", 0777) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8500] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... ioctl resumed>) = 0 [pid 8500] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8500] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8500] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8500] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5834] close(3 [pid 8500] <... clone3 resumed> => {parent_tid=[8509]}, 88) = 8509 [pid 5834] <... close resumed>) = 0 ./strace-static-x86_64: Process 8509 attached [pid 8500] rt_sigprocmask(SIG_SETMASK, [], [pid 8503] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8503] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8500] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 8501] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8501] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8509] +++ killed by SIGSEGV +++ [pid 8501] <... mmap resumed>) = 0x7f300ac07000 [pid 8501] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8510 [pid 8503] +++ killed by SIGSEGV +++ [pid 8500] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 8510 attached [pid 8501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8500, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 8510] set_robust_list(0x55556b85b6a0, 24 [pid 8501] <... clone3 resumed> => {parent_tid=[8511]}, 88) = 8511 [pid 5833] umount2("./232", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8511 attached [pid 8510] <... set_robust_list resumed>) = 0 [pid 8501] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8511] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8510] chdir("./231" [pid 8501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8511] <... rseq resumed>) = 0 [pid 8510] <... chdir resumed>) = 0 [pid 8501] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... openat resumed>) = 3 [pid 8511] set_robust_list(0x7f300ac279a0, 24 [pid 8510] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8501] <... futex resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 8511] <... set_robust_list resumed>) = 0 [pid 8510] <... prctl resumed>) = 0 [pid 8501] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8511] rt_sigprocmask(SIG_SETMASK, [], [pid 8510] setpgid(0, 0 [pid 8511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8510] <... setpgid resumed>) = 0 [pid 5833] getdents64(3, [pid 8511] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8510] <... openat resumed>) = 3 [ 213.071227][ T8506] exFAT-fs (loop1): error, data size is invalid(9000) [ 213.102299][ T8506] exFAT-fs (loop1): Filesystem has been set read-only [pid 5833] umount2("./232/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8510] write(3, "1000", 4 [pid 8505] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8510] <... write resumed>) = 4 [pid 8505] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8510] close(3) = 0 [pid 8510] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8510] write(1, "executing program\n", 18 [pid 8504] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8504] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8510] <... write resumed>) = 18 [pid 8504] <... futex resumed>) = 0 [pid 8510] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8510] <... futex resumed>) = 0 [pid 8504] <... mmap resumed>) = 0x7f300ac07000 [pid 8510] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8504] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8510] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8504] <... mprotect resumed>) = 0 [pid 8510] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8504] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8504] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8504] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8512 attached [pid 8510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8504] <... clone3 resumed> => {parent_tid=[8512]}, 88) = 8512 [pid 8512] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8511] <... ioctl resumed>) = ? [pid 8510] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8504] rt_sigprocmask(SIG_SETMASK, [], [pid 8501] <... futex resumed>) = ? [pid 8512] <... rseq resumed>) = 0 [pid 8511] +++ killed by SIGSEGV +++ [pid 8510] <... mprotect resumed>) = 0 [pid 8504] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8506] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8505] +++ killed by SIGSEGV +++ [pid 8504] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8501] +++ killed by SIGSEGV +++ [pid 8506] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8504] <... futex resumed>) = ? [pid 5833] <... umount2 resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8501, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5833] umount2("./232/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8510] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8510] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] newfstatat(AT_FDCWD, "./232/file1", [pid 8512] +++ killed by SIGSEGV +++ [pid 8510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8506] +++ killed by SIGSEGV +++ [pid 8504] +++ killed by SIGSEGV +++ [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8513 attached [pid 5833] umount2("./232/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8504, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8513] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8510] <... clone3 resumed> => {parent_tid=[8513]}, 88) = 8513 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8513] <... rseq resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./232/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... restart_syscall resumed>) = 0 [pid 8513] set_robust_list(0x7f300ac489a0, 24 [pid 8510] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... openat resumed>) = 4 [pid 8513] <... set_robust_list resumed>) = 0 [pid 8510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] newfstatat(4, "", [pid 8513] rt_sigprocmask(SIG_SETMASK, [], [pid 8510] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./234", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8513] memfd_create("syzkaller", 0 [pid 8510] <... futex resumed>) = 0 [pid 5833] getdents64(4, [pid 5831] <... openat resumed>) = 3 [pid 5830] umount2("./232", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8510] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] getdents64(4, [pid 5831] getdents64(3, [pid 5830] openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8513] <... memfd_create resumed>) = 3 [pid 5833] close(4 [pid 5831] umount2("./234/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8513] <... mmap resumed>) = 0x7f3002800000 [pid 5833] rmdir("./232/file1" [pid 8513] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] <... rmdir resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 5833] umount2("./232/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8508] <... mount resumed>) = 0 [pid 8508] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(3, [pid 8508] <... openat resumed>) = 3 [pid 5833] newfstatat(AT_FDCWD, "./232/binderfs", [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8508] chdir("./file1" [pid 5830] umount2("./232/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8513] <... write resumed>) = 131072 [pid 8508] <... chdir resumed>) = 0 [pid 8508] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8508] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] unlink("./232/binderfs" [pid 8508] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8513] munmap(0x7f3002800000, 138412032 [pid 8508] <... futex resumed>) = 1 [pid 8507] <... futex resumed>) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 8513] <... munmap resumed>) = 0 [pid 8508] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8507] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 213.119925][ T8508] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5830] umount2("./232/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8508] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8507] <... futex resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8508] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5830] newfstatat(AT_FDCWD, "./232/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./232/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./232/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", [pid 8508] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8508] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] getdents64(4, [pid 8508] <... futex resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8508] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./232/file1") = 0 [pid 5830] umount2("./232/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./232/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./232/binderfs" [pid 8513] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8507] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] getdents64(3, [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 8507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] umount2("./234/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 8507] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8508] <... futex resumed>) = 0 [pid 8507] <... futex resumed>) = 1 [pid 5833] <... close resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./234/file1", [pid 5830] close(3 [pid 8508] mkdir("./file2", 0777 [pid 8507] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] rmdir("./232" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... close resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5831] umount2("./234/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./232" [pid 5833] mkdir("./233", 0777 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... rmdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./234/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] mkdir("./233", 0777 [pid 5831] <... openat resumed>) = 4 [pid 5830] <... mkdir resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] <... mkdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5831] getdents64(4, [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] <... ioctl resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5831] getdents64(4, [pid 5830] close(3 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 5831] close(4 [pid 5833] close(3 [pid 5831] <... close resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5831] rmdir("./234/file1" [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 8514 attached [pid 5831] umount2("./234/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./234/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... close resumed>) = 0 [pid 5831] unlink("./234/binderfs" [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556b85b690) = 8515 [pid 5831] <... unlink resumed>) = 0 [pid 8514] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8514 [pid 8514] chdir("./233" [pid 5831] getdents64(3, ./strace-static-x86_64: Process 8515 attached [pid 8514] <... chdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8514] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] close(3 [pid 8514] <... prctl resumed>) = 0 [pid 8513] <... openat resumed>) = 4 [pid 8513] ioctl(4, LOOP_SET_FD, 3 [pid 8515] set_robust_list(0x55556b85b6a0, 24 [pid 8514] setpgid(0, 0 [pid 5831] <... close resumed>) = 0 [pid 8514] <... setpgid resumed>) = 0 [pid 5831] rmdir("./234" [pid 8514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... rmdir resumed>) = 0 [pid 8515] <... set_robust_list resumed>) = 0 [pid 8514] <... openat resumed>) = 3 [pid 5831] mkdir("./235", 0777 [pid 8515] chdir("./233" [pid 8514] write(3, "1000", 4) = 4 [pid 5831] <... mkdir resumed>) = 0 [pid 8515] <... chdir resumed>) = 0 [pid 8514] close(3 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8514] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8514] symlink("/dev/binderfs", "./binderfs" [pid 5831] ioctl(3, LOOP_CLR_FDexecuting program [pid 8514] <... symlink resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 8514] write(1, "executing program\n", 18 [pid 5831] close(3 [pid 8514] <... write resumed>) = 18 [pid 5831] <... close resumed>) = 0 [pid 8514] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8507] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8516 attached [pid 8515] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8514] <... futex resumed>) = 0 [pid 8507] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8516] set_robust_list(0x55556b85b6a0, 24 [pid 8515] <... prctl resumed>) = 0 [pid 8514] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8513] <... ioctl resumed>) = 0 [pid 8507] <... futex resumed>) = 0 [pid 8516] <... set_robust_list resumed>) = 0 [pid 8515] setpgid(0, 0 [pid 8514] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8513] close(3 [pid 8508] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8516 [pid 8514] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8513] <... close resumed>) = 0 [pid 8507] <... mmap resumed>) = 0x7f300ac07000 [pid 8516] chdir("./235" [pid 8515] <... setpgid resumed>) = 0 [pid 8514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8513] close(4 [pid 8508] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8507] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8516] <... chdir resumed>) = 0 [pid 8515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8513] <... close resumed>) = 0 [pid 8507] <... mprotect resumed>) = ? [pid 8516] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8515] <... openat resumed>) = 3 [pid 8514] <... mmap resumed>) = 0x7f300ac28000 [pid 8513] mkdir("./file1", 0777 [pid 8508] +++ killed by SIGSEGV +++ [pid 8507] +++ killed by SIGSEGV +++ [pid 8516] <... prctl resumed>) = 0 [pid 8515] write(3, "1000", 4 [pid 8514] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8513] <... mkdir resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8507, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8516] setpgid(0, 0 [pid 8515] <... write resumed>) = 4 [pid 8514] <... mprotect resumed>) = 0 [ 213.193925][ T8508] exFAT-fs (loop2): error, data size is invalid(9000) [ 213.219606][ T8513] loop4: detected capacity change from 0 to 256 [ 213.226378][ T8508] exFAT-fs (loop2): Filesystem has been set read-only [pid 8513] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8516] <... setpgid resumed>) = 0 [pid 8515] close(3 [pid 8514] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8515] <... close resumed>) = 0 [pid 8514] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 8516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8515] symlink("/dev/binderfs", "./binderfs" [pid 8514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8517 attached [pid 8516] <... openat resumed>) = 3 [pid 8515] <... symlink resumed>) = 0 [pid 8517] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8514] <... clone3 resumed> => {parent_tid=[8517]}, 88) = 8517 [pid 5832] umount2("./227", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8515] write(1, "executing program\n", 18 [pid 8517] <... rseq resumed>) = 0 executing program [pid 8514] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8517] set_robust_list(0x7f300ac489a0, 24 [pid 8515] <... write resumed>) = 18 [pid 8517] <... set_robust_list resumed>) = 0 [pid 8515] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8517] rt_sigprocmask(SIG_SETMASK, [], [pid 8516] write(3, "1000", 4 [pid 8515] <... futex resumed>) = 0 executing program [pid 8516] <... write resumed>) = 4 [pid 8517] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8516] close(3 [pid 8515] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8514] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... openat resumed>) = 3 [pid 8516] <... close resumed>) = 0 [pid 8515] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8516] symlink("/dev/binderfs", "./binderfs" [pid 8515] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8517] memfd_create("syzkaller", 0 [pid 8516] <... symlink resumed>) = 0 [pid 8515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8514] <... futex resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 8516] write(1, "executing program\n", 18 [pid 8515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8514] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8516] <... write resumed>) = 18 [pid 8515] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] getdents64(3, [pid 8515] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8516] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8515] <... mprotect resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8517] <... memfd_create resumed>) = 3 [pid 8516] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8515] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] umount2("./227/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8515] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8516] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8515] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8517] <... mmap resumed>) = 0x7f3002800000 ./strace-static-x86_64: Process 8518 attached [pid 8517] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8516] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8515] <... clone3 resumed> => {parent_tid=[8518]}, 88) = 8518 [pid 8515] rt_sigprocmask(SIG_SETMASK, [], [pid 8518] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8518] <... rseq resumed>) = 0 [pid 8516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 8518] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8517] <... write resumed>) = 131072 [pid 8516] <... mmap resumed>) = 0x7f300ac28000 [pid 8515] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./227/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8518] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./227/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./227/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8518] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8517] munmap(0x7f3002800000, 138412032 [pid 8516] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8515] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8518] memfd_create("syzkaller", 0 [pid 8517] <... munmap resumed>) = 0 [pid 8516] <... mprotect resumed>) = 0 [pid 8515] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] openat(AT_FDCWD, "./227/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8516] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 8517] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8516] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8518] <... memfd_create resumed>) = 3 [pid 8517] <... openat resumed>) = 4 [pid 8516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] getdents64(4, [pid 8517] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8519 attached [pid 8518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./227/file1") = 0 [pid 5832] umount2("./227/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./227/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./227/binderfs") = 0 [pid 5832] getdents64(3, [pid 8516] <... clone3 resumed> => {parent_tid=[8519]}, 88) = 8519 [pid 8513] <... mount resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8516] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] close(3) = 0 [pid 8519] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] rmdir("./227" [pid 8519] <... rseq resumed>) = 0 [pid 8518] <... mmap resumed>) = 0x7f3002800000 [pid 8516] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./228", 0777 [pid 8519] set_robust_list(0x7f300ac489a0, 24 [pid 8516] <... futex resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8519] <... set_robust_list resumed>) = 0 [pid 8518] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8516] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8519] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8520 attached NULL, 8) = 0 [pid 8513] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8520] set_robust_list(0x55556b85b6a0, 24 [pid 8513] <... openat resumed>) = 3 [pid 8520] <... set_robust_list resumed>) = 0 [pid 8519] memfd_create("syzkaller", 0 [pid 8513] chdir("./file1" [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8520 [pid 8520] chdir("./228" [pid 8519] <... memfd_create resumed>) = 3 [pid 8513] <... chdir resumed>) = 0 [pid 8520] <... chdir resumed>) = 0 [pid 8519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8513] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8520] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8519] <... mmap resumed>) = 0x7f3002800000 [pid 8518] <... write resumed>) = 131072 [pid 8517] <... ioctl resumed>) = 0 [pid 8513] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8520] <... prctl resumed>) = 0 [pid 8513] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8520] setpgid(0, 0 [pid 8513] <... futex resumed>) = 1 [pid 8510] <... futex resumed>) = 0 [pid 8520] <... setpgid resumed>) = 0 [pid 8519] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8518] munmap(0x7f3002800000, 138412032 [pid 8510] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8513] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8510] <... futex resumed>) = 0 [pid 8520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8510] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8513] <... openat resumed>) = 4 [pid 8517] close(3 [pid 8513] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8520] <... openat resumed>) = 3 [pid 8519] <... write resumed>) = 131072 [pid 8517] <... close resumed>) = 0 [pid 8513] <... futex resumed>) = 1 [pid 8510] <... futex resumed>) = 0 [pid 8520] write(3, "1000", 4 [pid 8518] <... munmap resumed>) = 0 [ 213.313955][ T8513] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 213.348588][ T8517] loop3: detected capacity change from 0 to 256 [pid 8517] close(4executing program [pid 8519] munmap(0x7f3002800000, 138412032 [pid 8518] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8520] <... write resumed>) = 4 [pid 8518] <... openat resumed>) = 4 [pid 8517] <... close resumed>) = 0 [pid 8510] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8520] close(3 [pid 8519] <... munmap resumed>) = 0 [pid 8518] ioctl(4, LOOP_SET_FD, 3 [pid 8517] mkdir("./file1", 0777 [pid 8513] mkdir("./file2", 0777 [pid 8510] <... futex resumed>) = 0 [pid 8517] <... mkdir resumed>) = 0 [pid 8510] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8520] <... close resumed>) = 0 [pid 8517] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8520] write(1, "executing program\n", 18) = 18 [pid 8520] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8520] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8520] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8520] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8520] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8520] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8519] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 8521 attached [pid 8520] <... clone3 resumed> => {parent_tid=[8521]}, 88) = 8521 [pid 8520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8520] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8520] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8521] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8521] set_robust_list(0x7f300ac489a0, 24 [pid 8519] <... openat resumed>) = 4 [pid 8521] <... set_robust_list resumed>) = 0 [pid 8519] ioctl(4, LOOP_SET_FD, 3 [pid 8521] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8521] memfd_create("syzkaller", 0) = 3 [pid 8521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8521] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 8521] munmap(0x7f3002800000, 138412032) = 0 [pid 8518] <... ioctl resumed>) = 0 [pid 8513] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8510] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8518] close(3 [pid 8513] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8510] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8518] <... close resumed>) = 0 [pid 8510] <... futex resumed>) = 0 [pid 8518] close(4 [pid 8510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8518] <... close resumed>) = 0 [pid 8510] <... mmap resumed>) = ? [pid 8518] mkdir("./file1", 0777 [pid 8513] +++ killed by SIGSEGV +++ [pid 8521] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8518] <... mkdir resumed>) = 0 [pid 8521] <... openat resumed>) = 4 [pid 8518] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8510] +++ killed by SIGSEGV +++ [pid 8521] ioctl(4, LOOP_SET_FD, 3 [pid 8519] <... ioctl resumed>) = 0 [pid 8519] close(3 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8510, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8519] <... close resumed>) = 0 [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 8519] close(4 [pid 5834] <... restart_syscall resumed>) = 0 [ 213.392020][ T8513] exFAT-fs (loop4): error, data size is invalid(9000) [ 213.392532][ T8518] loop0: detected capacity change from 0 to 256 [ 213.419538][ T8513] exFAT-fs (loop4): Filesystem has been set read-only [ 213.419893][ T8519] loop1: detected capacity change from 0 to 256 [pid 8519] <... close resumed>) = 0 [pid 8519] mkdir("./file1", 0777 [pid 5834] umount2("./231", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8519] <... mkdir resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8519] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5834] openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5834] newfstatat(3, "", [pid 8521] <... ioctl resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8521] close(3) = 0 [pid 8521] close(4) = 0 [pid 8521] mkdir("./file1", 0777) = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8521] mount("/dev/loop2", "./file1", "exfat", 0, "" [ 213.467601][ T8521] loop2: detected capacity change from 0 to 256 [ 213.487149][ T8517] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 213.488243][ T8518] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5834] umount2("./231/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8517] <... mount resumed>) = 0 [pid 8517] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8517] chdir("./file1") = 0 [pid 8517] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8517] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8514] <... futex resumed>) = 0 [pid 8514] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8514] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8517] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5834] <... umount2 resumed>) = 0 [pid 5834] umount2("./231/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./231/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./231/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./231/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5834] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(4, [pid 8517] <... openat resumed>) = 4 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [ 213.531347][ T8519] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4) = 0 [pid 5834] rmdir("./231/file1" [pid 8517] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8514] <... futex resumed>) = 0 [pid 8514] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8514] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8517] mkdir("./file2", 0777 [pid 5834] <... rmdir resumed>) = 0 [pid 8519] <... mount resumed>) = 0 [pid 8518] <... mount resumed>) = 0 [pid 5834] umount2("./231/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8518] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8519] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8518] <... openat resumed>) = 3 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8519] <... openat resumed>) = 3 [pid 8518] chdir("./file1" [pid 8519] chdir("./file1" [pid 8518] <... chdir resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./231/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8518] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5834] unlink("./231/binderfs" [pid 8518] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] <... unlink resumed>) = 0 [pid 8519] <... chdir resumed>) = 0 [pid 8518] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] getdents64(3, [pid 8519] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8518] <... futex resumed>) = 1 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8518] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8514] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] close(3 [pid 8519] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8515] <... futex resumed>) = 0 [pid 8514] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... close resumed>) = 0 [ 213.577111][ T8517] exFAT-fs (loop3): error, data size is invalid(9000) [ 213.591517][ T8521] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8515] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8514] <... futex resumed>) = 0 [pid 5834] rmdir("./231" [pid 8519] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8518] <... futex resumed>) = 0 [pid 8515] <... futex resumed>) = 1 [pid 8514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] <... rmdir resumed>) = 0 [pid 8519] <... futex resumed>) = 1 [pid 8518] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8516] <... futex resumed>) = 0 [pid 8515] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8514] <... mmap resumed>) = 0x7f300ac07000 [pid 5834] mkdir("./232", 0777 [pid 8521] <... mount resumed>) = 0 [pid 8519] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8516] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8514] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... mkdir resumed>) = 0 [pid 8521] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8516] <... futex resumed>) = 0 [pid 8514] <... mprotect resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8516] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8519] <... openat resumed>) = 4 [pid 8514] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... openat resumed>) = 3 [pid 8521] <... openat resumed>) = 3 [pid 8521] chdir("./file1" [pid 8518] <... openat resumed>) = 4 [pid 8514] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8521] <... chdir resumed>) = 0 [pid 8521] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8519] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8518] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5834] <... ioctl resumed>) = 0 [pid 8521] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8519] <... futex resumed>) = 1 [pid 8518] <... futex resumed>) = 1 [pid 8516] <... futex resumed>) = 0 [pid 8515] <... futex resumed>) = 0 [pid 5834] close(3 [pid 8521] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8519] mkdir("./file2", 0777 [pid 8518] mkdir("./file2", 0777 [pid 8516] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8515] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8514] <... clone3 resumed> => {parent_tid=[8522]}, 88) = 8522 [pid 8521] <... futex resumed>) = 1 [pid 8516] <... futex resumed>) = 0 [pid 8515] <... futex resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 8521] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8516] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8522 attached [pid 8520] <... futex resumed>) = 0 [pid 8515] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8514] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8520] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8520] <... futex resumed>) = 1 [pid 8514] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8522] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8520] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8517] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8514] <... futex resumed>) = 0 [pid 8522] <... rseq resumed>) = 0 [pid 8517] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8514] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8521] <... futex resumed>) = 0 ./strace-static-x86_64: Process 8523 attached [pid 8521] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8514] <... futex resumed>) = ? [pid 8522] +++ killed by SIGSEGV +++ [pid 8517] +++ killed by SIGSEGV +++ [pid 8514] +++ killed by SIGSEGV +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8514, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8523] set_robust_list(0x55556b85b6a0, 24 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8523 [pid 8523] <... set_robust_list resumed>) = 0 [pid 5833] umount2("./233", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8523] chdir("./232" [pid 8521] <... openat resumed>) = 4 [pid 5833] openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8521] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... openat resumed>) = 3 [pid 8523] <... chdir resumed>) = 0 [pid 8521] <... futex resumed>) = 1 [pid 8520] <... futex resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 8523] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8520] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8520] <... futex resumed>) = 0 [pid 5833] getdents64(3, [pid 8523] <... prctl resumed>) = 0 [pid 8520] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8521] mkdir("./file2", 0777 [ 213.649294][ T8517] exFAT-fs (loop3): Filesystem has been set read-only [ 213.668322][ T8519] exFAT-fs (loop1): error, data size is invalid(9000) [ 213.676052][ T8518] exFAT-fs (loop0): error, data size is invalid(9000) [pid 5833] umount2("./233/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8523] setpgid(0, 0 [pid 8516] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8523] <... setpgid resumed>) = 0 [pid 8516] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8516] <... futex resumed>) = 0 [pid 8516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8515] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8515] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8523] <... openat resumed>) = 3 [pid 8516] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8515] <... futex resumed>) = 0 [pid 8523] write(3, "1000", 4 [pid 8516] <... mprotect resumed>) = 0 [pid 8515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8523] <... write resumed>) = 4 [pid 8515] <... mmap resumed>) = 0x7f300ac07000 [pid 8515] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8515] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./233/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8515] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8515] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8523] close(3 [pid 5833] newfstatat(AT_FDCWD, "./233/file1", ./strace-static-x86_64: Process 8524 attached [pid 8523] <... close resumed>) = 0 [pid 8516] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8515] <... clone3 resumed> => {parent_tid=[8524]}, 88) = 8524 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8524] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8523] symlink("/dev/binderfs", "./binderfs" [pid 8516] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8524] <... rseq resumed>) = 0 [pid 8523] <... symlink resumed>) = 0 [pid 8520] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8515] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] umount2("./233/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8520] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8525 attached [pid 8524] set_robust_list(0x7f300ac279a0, 24 [pid 8520] <... futex resumed>) = 0 [pid 8523] write(1, "executing program\n", 18 [pid 8515] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] openat(AT_FDCWD, "./233/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8518] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8515] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 4 executing program [pid 8523] <... write resumed>) = 18 [pid 8520] <... mmap resumed>) = 0x7f300ac07000 [pid 8518] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8515] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] newfstatat(4, "", [pid 8523] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8520] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8519] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8516] <... clone3 resumed> => {parent_tid=[8525]}, 88) = 8525 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8525] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8516] rt_sigprocmask(SIG_SETMASK, [], [pid 8525] <... rseq resumed>) = 0 [pid 8524] <... set_robust_list resumed>) = ? [pid 8523] <... futex resumed>) = 0 [pid 8520] <... mprotect resumed>) = 0 [pid 8519] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8515] <... futex resumed>) = ? [pid 5833] getdents64(4, [pid 8525] set_robust_list(0x7f300ac279a0, 24 [pid 8524] +++ killed by SIGSEGV +++ [pid 8516] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8523] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8525] <... set_robust_list resumed>) = -1 (errno 18446744073709551603) [pid 8523] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8516] <... futex resumed>) = 0 [pid 8523] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8521] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8520] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8525] +++ killed by SIGSEGV +++ [pid 8523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8521] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8520] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8519] +++ killed by SIGSEGV +++ [pid 8518] +++ killed by SIGSEGV +++ [pid 8516] +++ killed by SIGSEGV +++ [pid 8515] +++ killed by SIGSEGV +++ [pid 5833] getdents64(4, [pid 8523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8515, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8523] <... mmap resumed>) = 0x7f300ac28000 [pid 8521] +++ killed by SIGSEGV +++ [ 213.706626][ T8519] exFAT-fs (loop1): Filesystem has been set read-only [ 213.719024][ T8521] exFAT-fs (loop2): error, data size is invalid(9000) [ 213.725837][ T8521] exFAT-fs (loop2): Filesystem has been set read-only [ 213.732957][ T8518] exFAT-fs (loop0): Filesystem has been set read-only [pid 5833] close(4 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8516, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8523] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8520] +++ killed by SIGSEGV +++ [pid 5833] <... close resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5833] rmdir("./233/file1" [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8520, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] umount2("./235", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... restart_syscall resumed>) = 0 [pid 8523] <... mprotect resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] umount2("./228", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 8523] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... rmdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(3, "", [pid 5830] umount2("./233", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8523] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] umount2("./233/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 3 [pid 5831] getdents64(3, [pid 5830] openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8526 attached [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(3, "", [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... openat resumed>) = 3 [pid 5833] newfstatat(AT_FDCWD, "./233/binderfs", [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./235/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(3, "", [pid 8523] <... clone3 resumed> => {parent_tid=[8526]}, 88) = 8526 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8526] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5833] unlink("./233/binderfs" [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] getdents64(3, [pid 8523] rt_sigprocmask(SIG_SETMASK, [], [pid 8526] <... rseq resumed>) = 0 [pid 8523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 5832] umount2("./228/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8526] set_robust_list(0x7f300ac489a0, 24 [pid 8523] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(3, [pid 8523] <... futex resumed>) = 0 [pid 5830] umount2("./233/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8523] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8526] <... set_robust_list resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8526] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] close(3 [pid 8526] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... close resumed>) = 0 [pid 8526] memfd_create("syzkaller", 0 [pid 5833] rmdir("./233" [pid 8526] <... memfd_create resumed>) = 3 [pid 5833] <... rmdir resumed>) = 0 [pid 8526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] mkdir("./234", 0777 [pid 8526] <... mmap resumed>) = 0x7f3002800000 [pid 5833] <... mkdir resumed>) = 0 [pid 8526] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8526] <... write resumed>) = 131072 [pid 5833] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 8526] munmap(0x7f3002800000, 138412032 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5832] umount2("./228/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./233/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8526] <... munmap resumed>) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./235/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8526] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] close(3 [pid 5832] newfstatat(AT_FDCWD, "./228/file1", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./233/file1", [pid 8526] <... openat resumed>) = 4 [pid 5833] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(AT_FDCWD, "./235/file1", [pid 8526] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./228/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8526] <... ioctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./233/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] openat(AT_FDCWD, "./228/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8527 attached [pid 8526] close(3 [pid 5832] <... openat resumed>) = 4 [pid 5831] umount2("./235/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./233/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8527] set_robust_list(0x55556b85b6a0, 24 [pid 8526] <... close resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8527 [pid 5832] newfstatat(4, "", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8527] <... set_robust_list resumed>) = 0 [pid 8526] close(4 [pid 5830] <... openat resumed>) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] openat(AT_FDCWD, "./235/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8527] chdir("./234" [pid 8526] <... close resumed>) = 0 [pid 5832] getdents64(4, [pid 5830] newfstatat(4, "", [pid 8527] <... chdir resumed>) = 0 [pid 8526] mkdir("./file1", 0777 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] <... openat resumed>) = 4 [pid 8527] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8527] <... prctl resumed>) = 0 [pid 5832] getdents64(4, [pid 5831] newfstatat(4, "", [pid 5830] getdents64(4, [pid 8527] setpgid(0, 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8527] <... setpgid resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 5832] close(4 [pid 5831] getdents64(4, [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8526] <... mkdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] close(4 [pid 8527] <... openat resumed>) = 3 [pid 8526] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5832] rmdir("./228/file1" [pid 5831] getdents64(4, [pid 8527] write(3, "1000", 4 [pid 5830] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8527] <... write resumed>) = 4 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] close(4 [pid 5830] rmdir("./233/file1" [pid 8527] close(3 [pid 5832] umount2("./228/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... close resumed>) = 0 [pid 8527] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... rmdir resumed>) = 0 [pid 5831] rmdir("./235/file1" [pid 8527] symlink("/dev/binderfs", "./binderfs" executing program [pid 5830] umount2("./233/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8527] <... symlink resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./228/binderfs", [pid 5831] <... rmdir resumed>) = 0 [pid 8527] write(1, "executing program\n", 18 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8527] <... write resumed>) = 18 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] newfstatat(AT_FDCWD, "./233/binderfs", [pid 8527] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] unlink("./228/binderfs" [pid 5831] umount2("./235/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8527] <... futex resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8527] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] unlink("./233/binderfs" [pid 8527] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5832] getdents64(3, [pid 5831] newfstatat(AT_FDCWD, "./235/binderfs", [pid 5830] <... unlink resumed>) = 0 [pid 8527] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] getdents64(3, [pid 8527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] unlink("./235/binderfs" [pid 8527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] close(3 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 8527] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] close(3 [pid 8527] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5832] rmdir("./228" [pid 5830] <... close resumed>) = 0 [pid 8527] <... mprotect resumed>) = 0 [pid 5830] rmdir("./233" [pid 8527] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8527] <... rt_sigprocmask resumed>[], 8) = 0 [ 213.831582][ T8526] loop4: detected capacity change from 0 to 256 [pid 8527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] mkdir("./229", 0777 [pid 5831] close(3 [pid 5830] mkdir("./234", 0777./strace-static-x86_64: Process 8528 attached [pid 8528] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8527] <... clone3 resumed> => {parent_tid=[8528]}, 88) = 8528 [pid 8527] rt_sigprocmask(SIG_SETMASK, [], [pid 8528] <... rseq resumed>) = 0 [pid 8528] set_robust_list(0x7f300ac489a0, 24 [pid 8527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 8528] <... set_robust_list resumed>) = 0 [pid 8527] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8528] rt_sigprocmask(SIG_SETMASK, [], [pid 8527] <... futex resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 8528] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8527] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8528] memfd_create("syzkaller", 0) = 3 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 8528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] rmdir("./235" [pid 8528] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5831] <... rmdir resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 8528] <... write resumed>) = 131072 [pid 5832] close(3 [pid 8528] munmap(0x7f3002800000, 138412032 [pid 8526] <... mount resumed>) = 0 [pid 5831] mkdir("./236", 0777 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... close resumed>) = 0 [pid 8528] <... munmap resumed>) = 0 [pid 8526] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8529 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 5831] <... openat resumed>) = 3 [pid 8526] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 8529 attached [pid 8528] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8526] chdir("./file1" [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8528] <... openat resumed>) = 4 [pid 8526] <... chdir resumed>) = 0 [pid 5831] close(3 [pid 8528] ioctl(4, LOOP_SET_FD, 3 [pid 8526] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8529] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8526] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... close resumed>) = 0 [ 213.871486][ T8526] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8529] chdir("./229") = 0 [pid 8529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8529] setpgid(0, 0) = 0 [pid 8529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8529] write(3, "1000", 4) = 4 [pid 8529] close(3) = 0 [pid 8529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8526] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8523] <... futex resumed>) = 0 executing program [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8528] <... ioctl resumed>) = 0 [pid 8526] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8523] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8529] write(1, "executing program\n", 18 [pid 8523] <... futex resumed>) = 0 [pid 8526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8529] <... write resumed>) = 18 [pid 8523] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8529] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8529] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8526] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 8530 attached [pid 8529] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8530] set_robust_list(0x55556b85b6a0, 24 [pid 8529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8530] <... set_robust_list resumed>) = 0 [pid 8529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8530 ./strace-static-x86_64: Process 8531 attached [pid 8530] chdir("./236" [pid 8529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8528] close(3 [pid 8530] <... chdir resumed>) = 0 [pid 8529] <... mmap resumed>) = 0x7f300ac28000 [pid 8528] <... close resumed>) = 0 [pid 8531] set_robust_list(0x55556b85b6a0, 24 [pid 8526] <... openat resumed>) = 4 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8531 [pid 8531] <... set_robust_list resumed>) = 0 [pid 8528] close(4 [pid 8526] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8530] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8529] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8531] chdir("./234" [pid 8530] <... prctl resumed>) = 0 [pid 8529] <... mprotect resumed>) = 0 [pid 8528] <... close resumed>) = 0 [pid 8526] <... futex resumed>) = 1 [pid 8523] <... futex resumed>) = 0 [pid 8531] <... chdir resumed>) = 0 [pid 8530] setpgid(0, 0 [pid 8529] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8528] mkdir("./file1", 0777 [pid 8526] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8523] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8531] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8530] <... setpgid resumed>) = 0 [pid 8529] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8523] <... futex resumed>) = 0 [pid 8531] <... prctl resumed>) = 0 [pid 8530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8528] <... mkdir resumed>) = 0 [pid 8526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8523] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8532 attached [pid 8531] setpgid(0, 0 [pid 8530] <... openat resumed>) = 3 [pid 8526] mkdir("./file2", 0777 [pid 8532] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8531] <... setpgid resumed>) = 0 [pid 8529] <... clone3 resumed> => {parent_tid=[8532]}, 88) = 8532 [pid 8528] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8532] <... rseq resumed>) = 0 [pid 8531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8530] write(3, "1000", 4 [pid 8529] rt_sigprocmask(SIG_SETMASK, [], [pid 8532] set_robust_list(0x7f300ac489a0, 24 [pid 8529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8532] <... set_robust_list resumed>) = 0 [pid 8531] <... openat resumed>) = 3 [pid 8529] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8526] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8532] rt_sigprocmask(SIG_SETMASK, [], [pid 8529] <... futex resumed>) = 0 [ 213.921882][ T8528] loop3: detected capacity change from 0 to 256 [ 213.951408][ T8526] exFAT-fs (loop4): error, data size is invalid(9000) [ 213.959361][ T8526] exFAT-fs (loop4): Filesystem has been set read-only [pid 8532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8531] write(3, "1000", 4 [pid 8530] <... write resumed>) = 4 [pid 8529] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8526] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8530] close(3) = 0 [pid 8530] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8530] write(1, "executing program\n", 18) = 18 [pid 8530] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8532] memfd_create("syzkaller", 0 [pid 8531] <... write resumed>) = 4 [pid 8530] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8523] <... futex resumed>) = ? [pid 8532] <... memfd_create resumed>) = 3 [pid 8531] close(3 [pid 8532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8531] <... close resumed>) = 0 [pid 8528] <... mount resumed>) = 0 [pid 8526] +++ killed by SIGSEGV +++ [pid 8523] +++ killed by SIGSEGV +++ [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8523, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5834] umount2("./232", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5834] newfstatat(3, "", [pid 8532] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8531] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8528] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8530] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] getdents64(3, [pid 8531] <... symlink resumed>) = 0 [pid 8530] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8531] write(1, "executing program\n", 18 [pid 8530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8528] <... openat resumed>) = 3 [pid 5834] umount2("./232/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8531] <... write resumed>) = 18 [pid 8530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program [pid 8532] <... write resumed>) = 131072 [pid 8531] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8530] <... mmap resumed>) = 0x7f300ac28000 [pid 8528] chdir("./file1" [pid 5834] <... umount2 resumed>) = 0 [pid 8530] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] umount2("./232/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8531] <... futex resumed>) = 0 [pid 8528] <... chdir resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8531] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8528] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] newfstatat(AT_FDCWD, "./232/file1", [pid 8532] munmap(0x7f3002800000, 138412032 [pid 8531] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8528] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8531] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8530] <... mprotect resumed>) = 0 [pid 8528] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] umount2("./232/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8531] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8530] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8528] <... futex resumed>) = 1 [pid 8527] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8530] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8528] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8527] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] openat(AT_FDCWD, "./232/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8532] <... munmap resumed>) = 0 [pid 8531] <... mmap resumed>) = 0x7f300ac28000 [pid 8530] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8527] <... futex resumed>) = 0 [pid 5834] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8533 attached [pid 8531] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8528] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8527] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] newfstatat(4, "", [pid 8533] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8531] <... mprotect resumed>) = 0 [pid 8530] <... clone3 resumed> => {parent_tid=[8533]}, 88) = 8533 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8533] <... rseq resumed>) = 0 [pid 8531] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8530] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] getdents64(4, [pid 8533] set_robust_list(0x7f300ac489a0, 24 [pid 8532] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8531] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8528] <... openat resumed>) = 4 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8533] <... set_robust_list resumed>) = 0 [pid 8531] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8530] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8528] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] getdents64(4, [pid 8533] rt_sigprocmask(SIG_SETMASK, [], [pid 8532] <... openat resumed>) = 4 [pid 8530] <... futex resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8534 attached [pid 8533] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8532] ioctl(4, LOOP_SET_FD, 3 [pid 8530] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8528] <... futex resumed>) = 1 [pid 8527] <... futex resumed>) = 0 [pid 5834] close(4 [pid 8534] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8533] memfd_create("syzkaller", 0 [pid 8531] <... clone3 resumed> => {parent_tid=[8534]}, 88) = 8534 [pid 8528] mkdir("./file2", 0777 [pid 8527] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... close resumed>) = 0 [pid 8534] <... rseq resumed>) = 0 [pid 8533] <... memfd_create resumed>) = 3 [pid 5834] rmdir("./232/file1" [pid 8534] set_robust_list(0x7f300ac489a0, 24 [pid 8533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] <... rmdir resumed>) = 0 [pid 8534] <... set_robust_list resumed>) = 0 [pid 8533] <... mmap resumed>) = 0x7f3002800000 [pid 5834] umount2("./232/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8534] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8533] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] newfstatat(AT_FDCWD, "./232/binderfs", [pid 8534] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./232/binderfs") = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] close(3) = 0 [pid 5834] rmdir("./232" [pid 8531] rt_sigprocmask(SIG_SETMASK, [], [pid 8527] <... futex resumed>) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5834] mkdir("./233", 0777) = 0 [pid 8533] <... write resumed>) = 131072 [ 213.974637][ T8528] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 214.007496][ T8532] loop2: detected capacity change from 0 to 256 [ 214.015230][ T8528] exFAT-fs (loop3): error, data size is invalid(9000) [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 8533] munmap(0x7f3002800000, 138412032 [pid 8532] <... ioctl resumed>) = 0 [pid 8531] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8527] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8531] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8532] close(3 [pid 8531] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8528] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8534] <... futex resumed>) = 0 [pid 8534] memfd_create("syzkaller", 0 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8533] <... munmap resumed>) = 0 [pid 8532] <... close resumed>) = 0 [pid 5834] <... ioctl resumed>) = 0 [pid 8528] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8534] <... memfd_create resumed>) = 3 [pid 8532] close(4 [pid 8527] <... futex resumed>) = ? [ 214.022622][ T8528] exFAT-fs (loop3): Filesystem has been set read-only [pid 5834] close(3 [pid 8534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8533] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8532] <... close resumed>) = 0 [pid 8528] +++ killed by SIGSEGV +++ [pid 8527] +++ killed by SIGSEGV +++ [pid 5834] <... close resumed>) = 0 [pid 8533] <... openat resumed>) = 4 [pid 8533] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8534] <... mmap resumed>) = 0x7f3002800000 [pid 8532] mkdir("./file1", 0777 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8527, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- ./strace-static-x86_64: Process 8535 attached [pid 8534] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8532] <... mkdir resumed>) = 0 [pid 8532] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8534] <... write resumed>) = 131072 [pid 8533] close(3 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8535 [pid 8535] set_robust_list(0x55556b85b6a0, 24 [pid 8533] <... close resumed>) = 0 [pid 8535] <... set_robust_list resumed>) = 0 [pid 8533] close(4 [pid 8535] chdir("./233" [pid 8534] munmap(0x7f3002800000, 138412032 [pid 8533] <... close resumed>) = 0 [pid 8535] <... chdir resumed>) = 0 [pid 8534] <... munmap resumed>) = 0 [pid 8533] mkdir("./file1", 0777 [pid 8535] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8534] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8533] <... mkdir resumed>) = 0 [pid 8535] <... prctl resumed>) = 0 [pid 8534] <... openat resumed>) = 4 [pid 8533] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8535] setpgid(0, 0 [pid 8534] ioctl(4, LOOP_SET_FD, 3 [pid 8535] <... setpgid resumed>) = 0 [pid 5833] umount2("./234", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] <... openat resumed>) = 3 [pid 8535] <... openat resumed>) = 3 [pid 5833] newfstatat(3, "", [pid 8535] write(3, "1000", 4executing program ) = 4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8535] close(3) = 0 [pid 8535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8535] write(1, "executing program\n", 18) = 18 [pid 8535] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8535] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8535] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8535] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8535] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8536 attached => {parent_tid=[8536]}, 88) = 8536 [pid 8534] <... ioctl resumed>) = 0 [pid 5833] getdents64(3, [pid 8535] rt_sigprocmask(SIG_SETMASK, [], [pid 8534] close(3 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8534] <... close resumed>) = 0 [pid 8535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8534] close(4 [pid 8536] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8535] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8534] <... close resumed>) = 0 [pid 5833] umount2("./234/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8536] <... rseq resumed>) = 0 [pid 8535] <... futex resumed>) = 0 [pid 8536] set_robust_list(0x7f300ac489a0, 24 [pid 8534] mkdir("./file1", 0777 [pid 5833] <... umount2 resumed>) = 0 [pid 8536] <... set_robust_list resumed>) = 0 [pid 8535] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8534] <... mkdir resumed>) = 0 [pid 8532] <... mount resumed>) = 0 [pid 5833] umount2("./234/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./234/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 214.060003][ T8533] loop1: detected capacity change from 0 to 256 [ 214.087303][ T8534] loop0: detected capacity change from 0 to 256 [ 214.097197][ T8532] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8536] rt_sigprocmask(SIG_SETMASK, [], [pid 8534] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8532] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] umount2("./234/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8536] memfd_create("syzkaller", 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8536] <... memfd_create resumed>) = 3 [pid 8532] <... openat resumed>) = 3 [pid 8536] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8536] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8532] chdir("./file1" [pid 5833] openat(AT_FDCWD, "./234/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8532] <... chdir resumed>) = 0 [pid 8532] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] <... openat resumed>) = 4 [pid 8532] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] newfstatat(4, "", [pid 8532] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8532] <... futex resumed>) = 1 [pid 8529] <... futex resumed>) = 0 [pid 8529] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(4, [pid 8532] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8529] <... futex resumed>) = 0 [pid 8536] <... write resumed>) = 131072 [pid 8529] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8536] munmap(0x7f3002800000, 138412032) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8532] <... openat resumed>) = 4 [pid 5833] getdents64(4, [pid 8536] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8532] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] close(4 [pid 8536] <... openat resumed>) = 4 [pid 8532] <... futex resumed>) = 1 [pid 5833] <... close resumed>) = 0 [pid 8532] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8529] <... futex resumed>) = 0 [pid 5833] rmdir("./234/file1" [pid 8536] ioctl(4, LOOP_SET_FD, 3 [pid 8529] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... rmdir resumed>) = 0 [pid 8529] <... futex resumed>) = 1 [pid 5833] umount2("./234/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8529] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8536] <... ioctl resumed>) = 0 [pid 8533] <... mount resumed>) = 0 [pid 8532] <... futex resumed>) = 0 [ 214.151496][ T8533] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 214.178192][ T8536] loop4: detected capacity change from 0 to 256 [pid 5833] newfstatat(AT_FDCWD, "./234/binderfs", [pid 8536] close(3 [pid 8532] mkdir("./file2", 0777 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8533] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8536] <... close resumed>) = 0 [pid 8533] <... openat resumed>) = 3 [pid 5833] unlink("./234/binderfs" [pid 8536] close(4 [pid 8533] chdir("./file1" [pid 5833] <... unlink resumed>) = 0 [pid 8536] <... close resumed>) = 0 [pid 8533] <... chdir resumed>) = 0 [pid 5833] getdents64(3, [pid 8536] mkdir("./file1", 0777 [pid 8533] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8536] <... mkdir resumed>) = 0 [pid 8533] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] close(3 [pid 8533] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... close resumed>) = 0 [pid 8536] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8533] <... futex resumed>) = 1 [pid 5833] rmdir("./234" [pid 8533] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] <... rmdir resumed>) = 0 [pid 8530] <... futex resumed>) = 0 [pid 5833] mkdir("./235", 0777 [pid 8530] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8533] <... futex resumed>) = 0 [pid 8533] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8530] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8533] <... openat resumed>) = 4 [pid 5833] <... mkdir resumed>) = 0 [pid 8533] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8529] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8529] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8529] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8529] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8533] <... futex resumed>) = 1 [pid 8530] <... futex resumed>) = 0 [pid 8529] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8530] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8533] mkdir("./file2", 0777 [pid 8530] <... futex resumed>) = 0 [pid 8529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8530] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8537 attached [pid 8529] <... clone3 resumed> => {parent_tid=[8537]}, 88) = 8537 [ 214.192619][ T8534] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 214.203148][ T8532] exFAT-fs (loop2): error, data size is invalid(9000) [ 214.232794][ T8532] exFAT-fs (loop2): Filesystem has been set read-only [ 214.243968][ T8533] exFAT-fs (loop1): error, data size is invalid(9000) [pid 8529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8529] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8529] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556b85b690) = 8538 [pid 8534] <... mount resumed>) = 0 [pid 8537] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8534] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8537] <... rseq resumed>) = 0 [pid 8537] set_robust_list(0x7f300ac279a0, 24 [pid 8534] <... openat resumed>) = 3 [pid 8537] <... set_robust_list resumed>) = 0 [pid 8534] chdir("./file1" [pid 8537] rt_sigprocmask(SIG_SETMASK, [], [pid 8534] <... chdir resumed>) = 0 [pid 8537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8534] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8537] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8534] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 8538 attached [pid 8537] <... ioctl resumed>) = 0 [pid 8534] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8534] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8537] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8531] <... futex resumed>) = 0 [pid 8537] <... futex resumed>) = 1 [pid 8531] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8529] <... futex resumed>) = 0 [pid 8538] set_robust_list(0x55556b85b6a0, 24 [pid 8534] <... futex resumed>) = 0 [pid 8531] <... futex resumed>) = 1 [pid 8531] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8538] <... set_robust_list resumed>) = 0 [pid 8537] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8534] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8538] chdir("./235" [pid 8534] <... openat resumed>) = 4 [pid 8538] <... chdir resumed>) = 0 [pid 8530] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8534] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8530] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8538] setpgid(0, 0 [pid 8534] <... futex resumed>) = 1 [pid 8532] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8531] <... futex resumed>) = 0 [pid 8530] <... futex resumed>) = 0 [pid 8538] <... setpgid resumed>) = 0 [pid 8538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8534] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8532] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8531] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8534] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8531] <... futex resumed>) = 0 [pid 8530] <... mmap resumed>) = 0x7f300ac07000 [pid 8538] <... openat resumed>) = 3 [pid 8531] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8538] write(3, "1000", 4 [pid 8537] <... futex resumed>) = ? [ 214.262523][ T8536] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 214.282206][ T8533] exFAT-fs (loop1): Filesystem has been set read-only [ 214.300708][ T8534] exFAT-fs (loop0): error, data size is invalid(9000) [pid 8534] mkdir("./file2", 0777 [pid 8530] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8538] <... write resumed>) = 4 [pid 8537] +++ killed by SIGSEGV +++ [pid 8536] <... mount resumed>) = 0 [pid 8533] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8532] +++ killed by SIGSEGV +++ [pid 8529] +++ killed by SIGSEGV +++ [pid 8538] close(3 [pid 8536] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY executing program [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8529, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8538] <... close resumed>) = 0 [pid 8536] <... openat resumed>) = 3 [pid 8533] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8530] <... mprotect resumed>) = 0 [pid 8538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8536] chdir("./file1" [pid 8538] write(1, "executing program\n", 18 [pid 8536] <... chdir resumed>) = 0 [pid 8538] <... write resumed>) = 18 [pid 5832] umount2("./229", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8536] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8538] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8538] <... futex resumed>) = 0 [pid 8536] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8538] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8536] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8538] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8536] <... futex resumed>) = 1 [pid 8535] <... futex resumed>) = 0 [pid 8533] +++ killed by SIGSEGV +++ [pid 5832] <... openat resumed>) = 3 [pid 8538] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8536] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] newfstatat(3, "", [pid 8538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8535] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8530] +++ killed by SIGSEGV +++ [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8538] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8530, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 214.307818][ T8534] exFAT-fs (loop0): Filesystem has been set read-only [pid 5832] getdents64(3, [pid 8538] <... mprotect resumed>) = 0 [pid 8536] <... futex resumed>) = 0 [pid 8535] <... futex resumed>) = 1 [pid 8531] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8536] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8531] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8531] <... futex resumed>) = 0 [pid 8535] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8534] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8531] <... mmap resumed>) = 0x7f300ac07000 [pid 8534] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8531] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5831] umount2("./236", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8531] <... mprotect resumed>) = ? [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8536] <... openat resumed>) = 4 [pid 8534] +++ killed by SIGSEGV +++ [pid 8531] +++ killed by SIGSEGV +++ [pid 5832] umount2("./229/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8536] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8535] <... futex resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8531, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8535] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... openat resumed>) = 3 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8536] mkdir("./file2", 0777 [pid 8535] <... futex resumed>) = 0 [pid 8535] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... restart_syscall resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8538] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] umount2("./229/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 5830] umount2("./234", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8538] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8536] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8538] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] newfstatat(AT_FDCWD, "./229/file1", [pid 8536] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] umount2("./236/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8539 attached [pid 8535] <... futex resumed>) = ? [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8538] <... clone3 resumed> => {parent_tid=[8539]}, 88) = 8539 [pid 8536] +++ killed by SIGSEGV +++ [pid 8535] +++ killed by SIGSEGV +++ [pid 5832] umount2("./229/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8538] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8539] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8535, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8539] <... rseq resumed>) = 0 [pid 8538] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] umount2("./233", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8538] <... futex resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5832] openat(AT_FDCWD, "./229/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] umount2("./236/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(3, "", [pid 8539] set_robust_list(0x7f300ac489a0, 24 [pid 8538] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8539] <... set_robust_list resumed>) = 0 [pid 5834] getdents64(3, [pid 5832] newfstatat(4, "", [pid 5831] newfstatat(AT_FDCWD, "./236/file1", [pid 8539] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] getdents64(3, [pid 8539] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] umount2("./233/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8539] memfd_create("syzkaller", 0 [pid 5832] getdents64(4, [pid 5831] umount2("./236/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8539] <... memfd_create resumed>) = 3 [pid 8539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 214.374576][ T8536] exFAT-fs (loop4): error, data size is invalid(9000) [ 214.390132][ T8536] exFAT-fs (loop4): Filesystem has been set read-only [pid 5830] umount2("./234/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8539] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] openat(AT_FDCWD, "./236/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] getdents64(4, [pid 5831] <... openat resumed>) = 4 [pid 5834] <... umount2 resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] newfstatat(4, "", [pid 5832] close(4 [pid 5830] <... umount2 resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8539] <... write resumed>) = 131072 [pid 5834] umount2("./233/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... close resumed>) = 0 [pid 5831] getdents64(4, [pid 5830] umount2("./234/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] rmdir("./229/file1" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(4, [pid 5830] newfstatat(AT_FDCWD, "./234/file1", [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] newfstatat(AT_FDCWD, "./233/file1", [pid 5832] <... rmdir resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./229/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8539] munmap(0x7f3002800000, 138412032 [pid 5834] umount2("./233/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... close resumed>) = 0 [pid 5830] umount2("./234/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] rmdir("./236/file1" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./229/binderfs", [pid 8539] <... munmap resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./234/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] unlink("./229/binderfs" [pid 8539] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] openat(AT_FDCWD, "./233/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... openat resumed>) = 4 [pid 8539] <... openat resumed>) = 4 [pid 5834] <... openat resumed>) = 4 [pid 8539] ioctl(4, LOOP_SET_FD, 3 [pid 5834] newfstatat(4, "", [pid 5832] <... unlink resumed>) = 0 [pid 5831] umount2("./236/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(4, "", [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5834] getdents64(4, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] newfstatat(AT_FDCWD, "./236/binderfs", [pid 5834] getdents64(4, [pid 5830] getdents64(4, [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] close(4 [pid 5830] getdents64(4, [pid 5832] <... close resumed>) = 0 [pid 5831] unlink("./236/binderfs" [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] rmdir("./229" [pid 5830] close(4 [pid 5834] <... close resumed>) = 0 [pid 5834] rmdir("./233/file1" [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] rmdir("./234/file1" [pid 5831] getdents64(3, [pid 5834] umount2("./233/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./233/binderfs", [pid 5830] <... rmdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./233/binderfs") = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] close(3) = 0 [pid 5834] rmdir("./233") = 0 [pid 5834] mkdir("./234", 0777) = 0 [pid 5832] mkdir("./230", 0777 [pid 5831] close(3 [pid 5830] umount2("./234/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./234/binderfs", [pid 5834] ioctl(3, LOOP_CLR_FD) = 0 [pid 5834] close(3) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] rmdir("./236" [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] unlink("./234/binderfs"./strace-static-x86_64: Process 8540 attached [pid 8539] <... ioctl resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 8540] set_robust_list(0x55556b85b6a0, 24 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] getdents64(3, [pid 8540] <... set_robust_list resumed>) = 0 [pid 8539] close(3 [pid 5832] <... ioctl resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 8540] chdir("./234" [pid 8539] <... close resumed>) = 0 [pid 8540] <... chdir resumed>) = 0 [pid 8539] close(4 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8540 [pid 5832] <... close resumed>) = 0 [pid 5831] mkdir("./237", 0777 [pid 5830] close(3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8539] <... close resumed>) = 0 [pid 8540] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8539] mkdir("./file1", 0777 [pid 8540] <... prctl resumed>) = 0 [pid 8539] <... mkdir resumed>) = 0 [pid 5830] rmdir("./234" [pid 8540] setpgid(0, 0) = 0 [pid 8540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8539] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5830] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 8541 attached [pid 8540] <... openat resumed>) = 3 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] mkdir("./235", 0777 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... mkdir resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8541] set_robust_list(0x55556b85b6a0, 24 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8541] <... set_robust_list resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5831] close(3 [pid 8541] chdir("./230" [pid 5830] <... ioctl resumed>) = 0 [pid 8541] <... chdir resumed>) = 0 [pid 5830] close(3 [pid 8541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] <... close resumed>) = 0 executing program [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8541] setpgid(0, 0 [pid 8540] write(3, "1000", 4) = 4 [pid 8540] close(3) = 0 [pid 8540] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 8542 attached [pid 8541] <... setpgid resumed>) = 0 [pid 8540] write(1, "executing program\n", 18 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8541 [pid 8541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8540] <... write resumed>) = 18 [pid 8540] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... close resumed>) = 0 [ 214.453620][ T8539] loop3: detected capacity change from 0 to 256 [pid 8542] set_robust_list(0x55556b85b6a0, 24 [pid 8541] <... openat resumed>) = 3 [pid 8540] <... futex resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8540] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8540] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8542] <... set_robust_list resumed>) = 0 [pid 8541] write(3, "1000", 4 [pid 8540] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8542 [pid 8541] <... write resumed>) = 4 [pid 8541] close(3./strace-static-x86_64: Process 8543 attached [pid 8542] chdir("./235" [pid 8541] <... close resumed>) = 0 [pid 8540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8543 [pid 8541] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8540] <... mmap resumed>) = 0x7f300ac28000 executing program [pid 8541] write(1, "executing program\n", 18) = 18 [pid 8540] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8541] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8540] <... mprotect resumed>) = 0 [pid 8542] <... chdir resumed>) = 0 [pid 8541] <... futex resumed>) = 0 [pid 8540] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8542] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8541] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8543] set_robust_list(0x55556b85b6a0, 24 [pid 8541] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8542] <... prctl resumed>) = 0 [pid 8541] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8540] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8543] <... set_robust_list resumed>) = 0 [pid 8542] setpgid(0, 0 [pid 8541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8542] <... setpgid resumed>) = 0 [pid 8541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8540] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8544 attached [pid 8543] chdir("./237" [pid 8542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8541] <... mmap resumed>) = 0x7f300ac28000 [pid 8543] <... chdir resumed>) = 0 [pid 8540] <... clone3 resumed> => {parent_tid=[8544]}, 88) = 8544 [pid 8543] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8540] rt_sigprocmask(SIG_SETMASK, [], [pid 8543] <... prctl resumed>) = 0 [pid 8540] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8543] setpgid(0, 0 [pid 8540] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8543] <... setpgid resumed>) = 0 [pid 8540] <... futex resumed>) = 0 [pid 8543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8540] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8543] <... openat resumed>) = 3 [pid 8541] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8542] <... openat resumed>) = 3 [pid 8543] write(3, "1000", 4 [pid 8542] write(3, "1000", 4 [pid 8541] <... mprotect resumed>) = 0 [pid 8543] <... write resumed>) = 4 [pid 8543] close(3) = 0 [pid 8543] symlink("/dev/binderfs", "./binderfs"executing program executing program [pid 8544] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8543] <... symlink resumed>) = 0 [pid 8542] <... write resumed>) = 4 [pid 8541] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8544] <... rseq resumed>) = 0 [pid 8542] close(3 [pid 8544] set_robust_list(0x7f300ac489a0, 24 [pid 8543] write(1, "executing program\n", 18 [pid 8544] <... set_robust_list resumed>) = 0 [pid 8542] <... close resumed>) = 0 [pid 8544] rt_sigprocmask(SIG_SETMASK, [], [pid 8542] symlink("/dev/binderfs", "./binderfs" [pid 8544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8543] <... write resumed>) = 18 [pid 8543] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8543] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8542] <... symlink resumed>) = 0 [pid 8543] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8543] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8544] memfd_create("syzkaller", 0 [pid 8543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8542] write(1, "executing program\n", 18 [pid 8544] <... memfd_create resumed>) = 3 [pid 8543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8542] <... write resumed>) = 18 [pid 8544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8543] <... mmap resumed>) = 0x7f300ac28000 [pid 8542] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8543] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8544] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8543] <... mprotect resumed>) = 0 [pid 8542] <... futex resumed>) = 0 [pid 8543] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8545 attached => {parent_tid=[8545]}, 88) = 8545 [pid 8543] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8543] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8543] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8545] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8542] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8545] <... rseq resumed>) = 0 [pid 8545] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8545] memfd_create("syzkaller", 0 [pid 8539] <... mount resumed>) = 0 [pid 8545] <... memfd_create resumed>) = 3 [pid 8539] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8539] <... openat resumed>) = 3 [pid 8545] <... mmap resumed>) = 0x7f3002800000 [ 214.549284][ T8539] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8539] chdir("./file1" [pid 8545] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8539] <... chdir resumed>) = 0 [pid 8539] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8545] <... write resumed>) = 131072 [pid 8539] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8539] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8538] <... futex resumed>) = 0 [pid 8538] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8538] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8539] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8539] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8538] <... futex resumed>) = 0 [pid 8538] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8538] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8545] munmap(0x7f3002800000, 138412032 [pid 8539] mkdir("./file2", 0777 [pid 8544] <... write resumed>) = 131072 [pid 8541] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8542] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8545] <... munmap resumed>) = 0 [pid 8544] munmap(0x7f3002800000, 138412032 [pid 8542] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 ./strace-static-x86_64: Process 8546 attached [pid 8544] <... munmap resumed>) = 0 [pid 8542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8541] <... clone3 resumed> => {parent_tid=[8546]}, 88) = 8546 [pid 8542] <... mmap resumed>) = 0x7f300ac28000 [pid 8545] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8542] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8541] rt_sigprocmask(SIG_SETMASK, [], [pid 8545] <... openat resumed>) = 4 [pid 8542] <... mprotect resumed>) = 0 [pid 8541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8546] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8545] ioctl(4, LOOP_SET_FD, 3 [pid 8541] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8546] <... rseq resumed>) = 0 [pid 8545] <... ioctl resumed>) = 0 [pid 8544] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8542] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8541] <... futex resumed>) = 0 [pid 8542] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8546] set_robust_list(0x7f300ac489a0, 24 [pid 8541] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8546] <... set_robust_list resumed>) = 0 [pid 8546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8546] memfd_create("syzkaller", 0./strace-static-x86_64: Process 8547 attached ) = 3 [pid 8546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8546] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8547] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8545] close(3 [pid 8544] <... openat resumed>) = 4 [pid 8542] <... clone3 resumed> => {parent_tid=[8547]}, 88) = 8547 [pid 8539] <... mkdir resumed>) = -1 EIO (Input/output error) [ 214.608710][ T8539] exFAT-fs (loop3): error, data size is invalid(9000) [ 214.629443][ T8545] loop1: detected capacity change from 0 to 256 [ 214.641455][ T8539] exFAT-fs (loop3): Filesystem has been set read-only [pid 8547] <... rseq resumed>) = 0 [pid 8546] <... write resumed>) = 131072 [pid 8545] <... close resumed>) = 0 [pid 8544] ioctl(4, LOOP_SET_FD, 3 [pid 8542] rt_sigprocmask(SIG_SETMASK, [], [pid 8539] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8547] set_robust_list(0x7f300ac489a0, 24 [pid 8546] munmap(0x7f3002800000, 138412032 [pid 8545] close(4 [pid 8538] <... futex resumed>) = ? [pid 8547] <... set_robust_list resumed>) = 0 [pid 8545] <... close resumed>) = 0 [pid 8542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8539] +++ killed by SIGSEGV +++ [pid 8538] +++ killed by SIGSEGV +++ [pid 8547] rt_sigprocmask(SIG_SETMASK, [], [pid 8545] mkdir("./file1", 0777 [pid 8547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8542] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8538, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8547] memfd_create("syzkaller", 0 [pid 8545] <... mkdir resumed>) = 0 [pid 8542] <... futex resumed>) = 0 [pid 8547] <... memfd_create resumed>) = 3 [pid 8547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8542] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 214.654470][ T8544] loop4: detected capacity change from 0 to 256 [pid 8545] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8547] <... mmap resumed>) = 0x7f3002800000 [pid 8546] <... munmap resumed>) = 0 [pid 8546] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8546] ioctl(4, LOOP_SET_FD, 3 [pid 8547] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8544] <... ioctl resumed>) = 0 [pid 5833] umount2("./235", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8544] close(3 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8544] <... close resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8547] <... write resumed>) = 131072 [pid 8544] close(4 [pid 5833] <... openat resumed>) = 3 [pid 5833] newfstatat(3, "", [pid 8544] <... close resumed>) = 0 [pid 8544] mkdir("./file1", 0777 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8547] munmap(0x7f3002800000, 138412032 [pid 8544] <... mkdir resumed>) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./235/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8547] <... munmap resumed>) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./235/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8544] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5833] newfstatat(AT_FDCWD, "./235/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8547] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] umount2("./235/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8547] <... openat resumed>) = 4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8547] ioctl(4, LOOP_SET_FD, 3 [pid 5833] openat(AT_FDCWD, "./235/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8546] <... ioctl resumed>) = 0 [pid 8547] <... ioctl resumed>) = 0 [pid 5833] newfstatat(4, "", [pid 8546] close(3) = 0 [pid 8546] close(4) = 0 [pid 8546] mkdir("./file1", 0777 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 214.682372][ T8546] loop2: detected capacity change from 0 to 256 [ 214.707073][ T8547] loop0: detected capacity change from 0 to 256 [ 214.719489][ T8545] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8547] close(3 [pid 8546] <... mkdir resumed>) = 0 [pid 5833] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8546] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5833] close(4 [pid 8547] <... close resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 8547] close(4 [pid 5833] rmdir("./235/file1" [pid 8547] <... close resumed>) = 0 [pid 8547] mkdir("./file1", 0777 [pid 5833] <... rmdir resumed>) = 0 [pid 5833] umount2("./235/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8547] <... mkdir resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./235/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8547] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5833] unlink("./235/binderfs" [pid 8545] <... mount resumed>) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 5833] getdents64(3, [pid 8545] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8545] <... openat resumed>) = 3 [pid 5833] close(3 [pid 8545] chdir("./file1") = 0 [pid 5833] <... close resumed>) = 0 [pid 8545] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] rmdir("./235" [pid 8545] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8545] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8543] <... futex resumed>) = 0 [pid 8543] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8543] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8545] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8544] <... mount resumed>) = 0 [ 214.748351][ T8544] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 214.763736][ T8546] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8545] <... openat resumed>) = 4 [pid 8545] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8543] <... futex resumed>) = 0 [pid 8543] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8543] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8545] mkdir("./file2", 0777 [pid 8544] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... rmdir resumed>) = 0 [pid 5833] mkdir("./236", 0777 [pid 8544] <... openat resumed>) = 3 [pid 5833] <... mkdir resumed>) = 0 [pid 8546] <... mount resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8546] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8546] chdir("./file1") = 0 [pid 5833] <... openat resumed>) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD [ 214.800850][ T8547] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 214.809586][ T8545] exFAT-fs (loop1): error, data size is invalid(9000) [pid 8546] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8546] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8544] chdir("./file1" [pid 8541] <... futex resumed>) = 0 [pid 8541] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8541] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8546] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8546] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8541] <... futex resumed>) = 0 [pid 8541] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8541] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8546] mkdir("./file2", 0777 [pid 8544] <... chdir resumed>) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 8544] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8544] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5833] close(3 [pid 8544] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8540] <... futex resumed>) = 0 [pid 8540] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8544] <... futex resumed>) = 0 [pid 8540] <... futex resumed>) = 1 [pid 5833] <... close resumed>) = 0 [pid 8544] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8543] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8540] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8547] <... mount resumed>) = 0 [pid 8544] <... openat resumed>) = 4 [pid 8543] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8543] <... futex resumed>) = 0 [pid 8543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8543] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8543] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8547] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8544] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} => {parent_tid=[8549]}, 88) = 8549 [pid 8543] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8543] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8543] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8548 attached [pid 8544] <... futex resumed>) = 1 [pid 8540] <... futex resumed>) = 0 [pid 8547] <... openat resumed>) = 3 [pid 8544] mkdir("./file2", 0777 [pid 8540] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8549 attached ) = 0 [pid 8547] chdir("./file1" [pid 8541] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8540] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8548 [pid 8549] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8548] set_robust_list(0x55556b85b6a0, 24 [pid 8547] <... chdir resumed>) = 0 [pid 8541] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8547] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8549] <... rseq resumed>) = 0 [pid 8548] <... set_robust_list resumed>) = 0 [pid 8541] <... futex resumed>) = 0 [pid 8549] set_robust_list(0x7f300ac279a0, 24 [pid 8548] chdir("./236" [pid 8547] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8549] <... set_robust_list resumed>) = 0 [pid 8548] <... chdir resumed>) = 0 [pid 8541] <... mmap resumed>) = 0x7f300ac07000 [pid 8549] rt_sigprocmask(SIG_SETMASK, [], [pid 8548] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8541] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8548] <... prctl resumed>) = 0 [pid 8547] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8541] <... mprotect resumed>) = 0 [pid 8549] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8548] setpgid(0, 0 [pid 8547] <... futex resumed>) = 1 [pid 8542] <... futex resumed>) = 0 [pid 8541] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8549] <... ioctl resumed>) = 0 [pid 8548] <... setpgid resumed>) = 0 [pid 8541] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8549] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8545] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8550 attached [pid 8549] <... futex resumed>) = 1 [pid 8548] <... openat resumed>) = 3 [pid 8547] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8545] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8543] <... futex resumed>) = 0 [pid 8542] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8548] write(3, "1000", 4 [pid 8541] <... clone3 resumed> => {parent_tid=[8550]}, 88) = 8550 [pid 8542] <... futex resumed>) = 0 [pid 8548] <... write resumed>) = 4 [pid 8541] rt_sigprocmask(SIG_SETMASK, [], [pid 8542] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8548] close(3 [pid 8541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8548] <... close resumed>) = 0 [pid 8541] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8548] symlink("/dev/binderfs", "./binderfs" [pid 8541] <... futex resumed>) = 0 [pid 8550] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8548] <... symlink resumed>) = 0 [ 214.845348][ T8546] exFAT-fs (loop2): error, data size is invalid(9000) [ 214.864741][ T8545] exFAT-fs (loop1): Filesystem has been set read-only [ 214.880357][ T8546] exFAT-fs (loop2): Filesystem has been set read-only [ 214.880884][ T8544] exFAT-fs (loop4): error, data size is invalid(9000) executing program [pid 8541] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8550] <... rseq resumed>) = 0 [pid 8549] +++ killed by SIGSEGV +++ [pid 8548] write(1, "executing program\n", 18 [pid 8545] +++ killed by SIGSEGV +++ [pid 8543] +++ killed by SIGSEGV +++ [pid 8550] set_robust_list(0x7f300ac279a0, 24 [pid 8548] <... write resumed>) = 18 [pid 8547] <... openat resumed>) = 4 [pid 8550] <... set_robust_list resumed>) = 0 [pid 8548] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8550] rt_sigprocmask(SIG_SETMASK, [], [pid 8548] <... futex resumed>) = 0 [pid 8547] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8543, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8548] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8547] <... futex resumed>) = 1 [pid 8542] <... futex resumed>) = 0 [pid 8550] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8548] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8542] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8550] <... ioctl resumed>) = 0 [pid 8548] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8547] mkdir("./file2", 0777 [pid 8546] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8542] <... futex resumed>) = 0 [pid 8550] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8550] <... futex resumed>) = 1 [pid 8548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8546] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8541] <... futex resumed>) = 9 [pid 8548] <... mmap resumed>) = 0x7f300ac28000 [pid 8550] +++ killed by SIGSEGV +++ [pid 8548] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8546] +++ killed by SIGSEGV +++ [pid 8542] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8541] +++ killed by SIGSEGV +++ [pid 8548] <... mprotect resumed>) = 0 [pid 8548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8551 attached [pid 8551] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8548] <... clone3 resumed> => {parent_tid=[8551]}, 88) = 8551 [pid 8551] <... rseq resumed>) = 0 [pid 8548] rt_sigprocmask(SIG_SETMASK, [], [pid 8551] set_robust_list(0x7f300ac489a0, 24 [pid 8548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8551] <... set_robust_list resumed>) = 0 [pid 8548] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8551] rt_sigprocmask(SIG_SETMASK, [], [pid 8548] <... futex resumed>) = 0 [pid 8551] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8548] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8551] memfd_create("syzkaller", 0) = 3 [pid 8551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8551] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5831] <... restart_syscall resumed>) = 0 [pid 8551] <... write resumed>) = 131072 [pid 8540] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8541, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8544] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8551] munmap(0x7f3002800000, 138412032 [pid 8544] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8544] +++ killed by SIGSEGV +++ [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./237", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8551] <... munmap resumed>) = 0 [pid 8540] +++ killed by SIGSEGV +++ [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8540, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5831] openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] umount2("./230", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5834] umount2("./234", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(3, "", [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8551] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8547] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8542] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... openat resumed>) = 3 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8542] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] newfstatat(3, "", [pid 8542] <... futex resumed>) = 0 [pid 5831] getdents64(3, [pid 8551] <... openat resumed>) = 4 [pid 8542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] newfstatat(3, "", [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8547] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8542] <... mmap resumed>) = 0x7f300ac07000 [pid 5832] getdents64(3, [pid 5831] umount2("./237/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8551] ioctl(4, LOOP_SET_FD, 3 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] umount2("./234/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8547] +++ killed by SIGSEGV +++ [pid 8542] +++ killed by SIGSEGV +++ [pid 5832] umount2("./230/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8542, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 214.918859][ T8547] exFAT-fs (loop0): error, data size is invalid(9000) [ 214.928277][ T8544] exFAT-fs (loop4): Filesystem has been set read-only [ 214.946220][ T8547] exFAT-fs (loop0): Filesystem has been set read-only [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5834] <... umount2 resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5834] umount2("./234/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./230/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./237/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./234/file1", [pid 5832] newfstatat(AT_FDCWD, "./230/file1", [pid 5831] newfstatat(AT_FDCWD, "./237/file1", [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./234/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./237/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./230/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./235", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] openat(AT_FDCWD, "./234/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./237/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] <... openat resumed>) = 4 [pid 5832] openat(AT_FDCWD, "./230/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... openat resumed>) = 4 [pid 5830] openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] newfstatat(4, "", [pid 5832] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", [pid 5830] <... openat resumed>) = 3 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] newfstatat(3, "", [pid 5834] getdents64(4, [pid 5832] newfstatat(4, "", [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 5830] getdents64(3, [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] getdents64(4, [pid 5831] getdents64(4, [pid 5830] umount2("./235/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] getdents64(4, [pid 5832] getdents64(4, [pid 5831] close(4 [pid 5830] <... umount2 resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4 [pid 5832] close(4 [pid 5831] <... close resumed>) = 0 [pid 5830] umount2("./235/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./237/file1" [pid 5832] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] <... close resumed>) = 0 [pid 5832] rmdir("./230/file1" [pid 5831] <... rmdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./235/file1", [pid 8551] <... ioctl resumed>) = 0 [pid 8551] close(3 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] umount2("./237/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] rmdir("./234/file1" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./235/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./237/binderfs", [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8551] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] openat(AT_FDCWD, "./235/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] unlink("./237/binderfs" [pid 8551] close(4 [pid 5830] <... openat resumed>) = 4 [pid 8551] <... close resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 5834] <... rmdir resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] umount2("./234/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(4, [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(3 [pid 8551] mkdir("./file1", 0777 [pid 5832] umount2("./230/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8551] <... mkdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] getdents64(4, [pid 8551] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5834] newfstatat(AT_FDCWD, "./234/binderfs", [pid 5831] rmdir("./237" [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] close(4 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./230/binderfs", [pid 5830] rmdir("./235/file1" [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./230/binderfs" [pid 5830] <... rmdir resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5831] mkdir("./238", 0777 [ 214.993749][ T8551] loop3: detected capacity change from 0 to 256 [pid 5830] umount2("./235/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(3, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] newfstatat(AT_FDCWD, "./235/binderfs", [pid 5831] <... mkdir resumed>) = 0 [pid 5832] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./234/binderfs" [pid 5832] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] unlink("./235/binderfs" [pid 5832] rmdir("./230" [pid 5834] <... unlink resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... unlink resumed>) = 0 [pid 5832] mkdir("./231", 0777 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] getdents64(3, [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 5834] getdents64(3, [pid 5832] <... openat resumed>) = 3 [pid 5831] close(3 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5834] close(3 [pid 5832] <... ioctl resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] rmdir("./235"./strace-static-x86_64: Process 8552 attached [pid 5834] <... close resumed>) = 0 [pid 5832] close(3 [pid 5830] <... rmdir resumed>) = 0 [pid 8552] set_robust_list(0x55556b85b6a0, 24 [pid 5834] rmdir("./234" [pid 5832] <... close resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8552 [pid 5830] mkdir("./236", 0777 [pid 8552] <... set_robust_list resumed>) = 0 [pid 8552] chdir("./238" [pid 5834] <... rmdir resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... mkdir resumed>) = 0 [pid 8552] <... chdir resumed>) = 0 [pid 8552] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 8553 attached ) = 0 [pid 5834] mkdir("./235", 0777 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8552] setpgid(0, 0 [pid 5834] <... mkdir resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8553 [pid 5830] <... openat resumed>) = 3 [pid 8552] <... setpgid resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8553] set_robust_list(0x55556b85b6a0, 24 [pid 8552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8553] <... set_robust_list resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 8553] chdir("./231") = 0 [pid 8552] <... openat resumed>) = 3 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8552] write(3, "1000", 4 [pid 5834] <... openat resumed>) = 3 [pid 8553] setpgid(0, 0 [pid 8552] <... write resumed>) = 4 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8553] <... setpgid resumed>) = 0 [pid 8552] close(3 [pid 8553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8552] <... close resumed>) = 0 [pid 8551] <... mount resumed>) = 0 [pid 8552] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... ioctl resumed>) = 0 [pid 8553] <... openat resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 8552] <... symlink resumed>) = 0 [pid 8551] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8553] write(3, "1000", 4 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5834] close(3 [pid 8551] <... openat resumed>) = 3 [pid 8551] chdir("./file1") = 0 [pid 8551] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8551] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8553] <... write resumed>) = 4 [pid 8551] <... futex resumed>) = 1 [pid 8548] <... futex resumed>) = 0 [pid 5834] <... close resumed>) = 0 [ 215.063314][ T8551] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8551] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8548] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8548] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8554 attached [pid 8554] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8554] chdir("./236") = 0 [pid 8554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 executing program [pid 8554] setpgid(0, 0 [pid 8553] close(3 [pid 8552] write(1, "executing program\n", 18 [pid 8551] <... openat resumed>) = 4 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8554 [pid 8553] <... close resumed>) = 0 [pid 8552] <... write resumed>) = 18 [pid 8553] symlink("/dev/binderfs", "./binderfs" [pid 8552] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8551] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8552] <... futex resumed>) = 0 executing program [pid 8551] <... futex resumed>) = 1 [pid 8548] <... futex resumed>) = 0 [pid 8553] <... symlink resumed>) = 0 [pid 8552] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8551] mkdir("./file2", 0777 [pid 8548] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8552] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8552] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8553] write(1, "executing program\n", 18 [pid 8552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8553] <... write resumed>) = 18 [pid 8552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8554] <... setpgid resumed>) = 0 [pid 8548] <... futex resumed>) = 0 [pid 8554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8553] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8552] <... mmap resumed>) = 0x7f300ac28000 [pid 8548] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8555 attached [pid 8553] <... futex resumed>) = 0 [pid 8552] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8555 [pid 8555] set_robust_list(0x55556b85b6a0, 24 [pid 8554] <... openat resumed>) = 3 [pid 8553] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8552] <... mprotect resumed>) = 0 [pid 8555] <... set_robust_list resumed>) = 0 [pid 8553] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8553] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8555] chdir("./235" [pid 8554] write(3, "1000", 4 [pid 8553] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8555] <... chdir resumed>) = 0 [pid 8552] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8555] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8552] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8553] <... mmap resumed>) = 0x7f300ac28000 [pid 8555] <... prctl resumed>) = 0 [pid 8552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8553] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8554] <... write resumed>) = 4 ./strace-static-x86_64: Process 8556 attached [pid 8555] setpgid(0, 0 [pid 8553] <... mprotect resumed>) = 0 [pid 8556] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8555] <... setpgid resumed>) = 0 [pid 8552] <... clone3 resumed> => {parent_tid=[8556]}, 88) = 8556 [pid 8556] <... rseq resumed>) = 0 [pid 8554] close(3 [pid 8553] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8552] rt_sigprocmask(SIG_SETMASK, [], [pid 8556] set_robust_list(0x7f300ac489a0, 24 [pid 8555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8553] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8556] <... set_robust_list resumed>) = 0 [pid 8553] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8552] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8554] <... close resumed>) = 0 [pid 8552] <... futex resumed>) = 0 [pid 8556] memfd_create("syzkaller", 0 [pid 8554] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 8557 attached ) = 0 [pid 8553] <... clone3 resumed> => {parent_tid=[8557]}, 88) = 8557 [pid 8552] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8555] <... openat resumed>) = 3 [pid 8557] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053executing program [pid 8554] write(1, "executing program\n", 18 [pid 8556] <... memfd_create resumed>) = 3 [pid 8557] <... rseq resumed>) = 0 [pid 8555] write(3, "1000", 4 [pid 8554] <... write resumed>) = 18 [pid 8553] rt_sigprocmask(SIG_SETMASK, [], [pid 8557] set_robust_list(0x7f300ac489a0, 24 [pid 8556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8555] <... write resumed>) = 4 [pid 8554] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8557] <... set_robust_list resumed>) = 0 [pid 8554] <... futex resumed>) = 0 [pid 8555] close(3 [pid 8553] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8556] <... mmap resumed>) = 0x7f3002800000 [pid 8553] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8555] <... close resumed>) = 0 [pid 8553] <... futex resumed>) = 0 [pid 8557] rt_sigprocmask(SIG_SETMASK, [], [pid 8554] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8557] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8554] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8557] memfd_create("syzkaller", 0 [pid 8554] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8557] <... memfd_create resumed>) = 3 [pid 8554] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8553] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8555] symlink("/dev/binderfs", "./binderfs" [pid 8557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8557] <... mmap resumed>) = 0x7f3002800000 [pid 8554] <... mmap resumed>) = 0x7f300ac28000 [pid 8557] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8555] <... symlink resumed>) = 0 [pid 8554] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8554] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8557] <... write resumed>) = 131072 [pid 8554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8558 attached [pid 8556] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8554] <... clone3 resumed> => {parent_tid=[8558]}, 88) = 8558 [pid 8554] rt_sigprocmask(SIG_SETMASK, [], [pid 8558] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8554] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8558] <... rseq resumed>) = 0 [pid 8557] munmap(0x7f3002800000, 138412032 [pid 8554] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8558] set_robust_list(0x7f300ac489a0, 24 [pid 8557] <... munmap resumed>) = 0 [pid 8554] <... futex resumed>) = 0 [pid 8558] <... set_robust_list resumed>) = 0 [pid 8554] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8555] write(1, "executing program\n", 18executing program [pid 8558] rt_sigprocmask(SIG_SETMASK, [], [ 215.132862][ T8551] exFAT-fs (loop3): error, data size is invalid(9000) [ 215.163172][ T8551] exFAT-fs (loop3): Filesystem has been set read-only [pid 8557] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8558] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8557] <... openat resumed>) = 4 [pid 8555] <... write resumed>) = 18 [pid 8558] memfd_create("syzkaller", 0 [pid 8555] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8557] ioctl(4, LOOP_SET_FD, 3 [pid 8558] <... memfd_create resumed>) = 3 [pid 8556] <... write resumed>) = 131072 [pid 8555] <... futex resumed>) = 0 [pid 8551] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8555] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8555] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8558] <... mmap resumed>) = 0x7f3002800000 [pid 8555] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8551] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8558] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8557] <... ioctl resumed>) = 0 [pid 8548] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8557] close(3 [pid 8556] munmap(0x7f3002800000, 138412032 [pid 8548] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8557] <... close resumed>) = 0 [pid 8556] <... munmap resumed>) = 0 [pid 8548] <... futex resumed>) = 0 [pid 8557] close(4 [pid 8556] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8557] <... close resumed>) = 0 [pid 8556] <... openat resumed>) = 4 [pid 8548] <... mmap resumed>) = 0x7f300ac07000 [pid 8558] <... write resumed>) = 131072 [pid 8557] mkdir("./file1", 0777 [pid 8556] ioctl(4, LOOP_SET_FD, 3 [pid 8548] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8558] munmap(0x7f3002800000, 138412032 [pid 8557] <... mkdir resumed>) = 0 [pid 8555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8548] <... mprotect resumed>) = ? [pid 8555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8558] <... munmap resumed>) = 0 [pid 8557] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8555] <... mmap resumed>) = 0x7f300ac28000 [pid 8551] +++ killed by SIGSEGV +++ [pid 8548] +++ killed by SIGSEGV +++ [pid 8558] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8555] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8548, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 215.191452][ T8557] loop2: detected capacity change from 0 to 256 [ 215.215695][ T8556] loop1: detected capacity change from 0 to 256 [pid 8558] <... openat resumed>) = 4 [pid 8555] <... mprotect resumed>) = 0 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8558] ioctl(4, LOOP_SET_FD, 3 [pid 8555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5833] <... restart_syscall resumed>) = 0 [pid 8555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8559]}, 88) = 8559 [pid 5833] umount2("./236", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8559 attached [pid 8559] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8558] <... ioctl resumed>) = 0 [pid 8555] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8559] <... rseq resumed>) = 0 [pid 8558] close(3 [pid 8555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8559] set_robust_list(0x7f300ac489a0, 24 [pid 8558] <... close resumed>) = 0 [pid 8555] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8559] <... set_robust_list resumed>) = 0 [pid 8558] close(4 [pid 8555] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 8559] rt_sigprocmask(SIG_SETMASK, [], [pid 8558] <... close resumed>) = 0 [pid 8555] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8559] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8558] mkdir("./file1", 0777 [ 215.238360][ T8558] loop0: detected capacity change from 0 to 256 [pid 5833] newfstatat(3, "", [pid 8559] memfd_create("syzkaller", 0 [pid 8558] <... mkdir resumed>) = 0 [pid 8556] <... ioctl resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8559] <... memfd_create resumed>) = 3 [pid 8556] close(3) = 0 [pid 8556] close(4) = 0 [pid 8556] mkdir("./file1", 0777) = 0 [pid 8556] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8558] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5833] getdents64(3, [pid 8559] <... mmap resumed>) = 0x7f3002800000 [pid 8559] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./236/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8559] <... write resumed>) = 131072 [pid 8559] munmap(0x7f3002800000, 138412032) = 0 [pid 8559] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8559] ioctl(4, LOOP_SET_FD, 3 [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./236/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./236/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./236/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./236/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8559] <... ioctl resumed>) = 0 [pid 8557] <... mount resumed>) = 0 [pid 5833] <... openat resumed>) = 4 [pid 8559] close(3 [pid 5833] newfstatat(4, "", [pid 8559] <... close resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8559] close(4 [pid 5833] getdents64(4, [pid 8559] <... close resumed>) = 0 [pid 8559] mkdir("./file1", 0777 [pid 8557] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8559] <... mkdir resumed>) = 0 [pid 5833] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] close(4 [pid 8557] <... openat resumed>) = 3 [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./236/file1" [pid 8559] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8557] chdir("./file1" [pid 5833] <... rmdir resumed>) = 0 [pid 8557] <... chdir resumed>) = 0 [pid 8557] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8556] <... mount resumed>) = 0 [pid 5833] umount2("./236/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8557] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8556] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8557] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8556] <... openat resumed>) = 3 [pid 5833] newfstatat(AT_FDCWD, "./236/binderfs", [ 215.268816][ T8557] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 215.292623][ T8556] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 215.307326][ T8559] loop4: detected capacity change from 0 to 256 [pid 8556] chdir("./file1" [pid 8557] <... futex resumed>) = 1 [pid 8556] <... chdir resumed>) = 0 [pid 8553] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8557] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8556] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8553] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] unlink("./236/binderfs" [pid 8556] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8553] <... futex resumed>) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 8556] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(3, [pid 8553] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8556] <... futex resumed>) = 1 [pid 8552] <... futex resumed>) = 0 [pid 8556] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8552] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] close(3 [pid 8556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8552] <... futex resumed>) = 0 [pid 8556] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8552] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./236") = 0 [pid 5833] mkdir("./237", 0777 [pid 8557] <... openat resumed>) = 4 [pid 8556] <... openat resumed>) = 4 [pid 5833] <... mkdir resumed>) = 0 [pid 8556] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8556] <... futex resumed>) = 1 [pid 8552] <... futex resumed>) = 0 [ 215.343309][ T8558] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 215.375107][ T8559] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8557] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8556] mkdir("./file2", 0777 [pid 8552] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... openat resumed>) = 3 [pid 8557] <... futex resumed>) = 1 [pid 8553] <... futex resumed>) = 0 [pid 8552] <... futex resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8557] mkdir("./file2", 0777 [pid 8553] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8552] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... ioctl resumed>) = 0 [pid 8558] <... mount resumed>) = 0 [pid 8553] <... futex resumed>) = 0 [pid 5833] close(3 [pid 8558] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8558] chdir("./file1") = 0 [pid 8558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8558] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8558] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8554] <... futex resumed>) = 0 [pid 8554] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8558] <... futex resumed>) = 0 [pid 8554] <... futex resumed>) = 1 [pid 8558] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8554] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8558] <... openat resumed>) = 4 [pid 8558] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8554] <... futex resumed>) = 0 [pid 8554] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8554] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8558] mkdir("./file2", 0777 [pid 8559] <... mount resumed>) = 0 [pid 8553] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... close resumed>) = 0 [pid 8559] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8559] <... openat resumed>) = 3 [ 215.387929][ T8556] exFAT-fs (loop1): error, data size is invalid(9000) [ 215.404055][ T8556] exFAT-fs (loop1): Filesystem has been set read-only [ 215.411790][ T8557] exFAT-fs (loop2): error, data size is invalid(9000) [ 215.422950][ T8558] exFAT-fs (loop0): error, data size is invalid(9000) [pid 8559] chdir("./file1") = 0 [pid 8559] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8559] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8559] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 8560 attached [pid 8560] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8560] chdir("./237") = 0 [pid 8555] <... futex resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8560 [pid 8560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8560] setpgid(0, 0 [pid 8555] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8560] <... setpgid resumed>) = 0 [pid 8560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8555] <... futex resumed>) = 1 [pid 8559] <... futex resumed>) = 0 [pid 8555] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8559] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8560] <... openat resumed>) = 3 [pid 8559] <... openat resumed>) = 4 [pid 8559] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8555] <... futex resumed>) = 0 [pid 8555] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8555] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8560] write(3, "1000", 4) = 4 [pid 8559] mkdir("./file2", 0777executing program [pid 8560] close(3) = 0 [pid 8560] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8560] write(1, "executing program\n", 18) = 18 [pid 8560] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8560] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8560] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8552] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8556] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8556] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8552] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8560] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8554] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8552] <... futex resumed>) = 0 [pid 8560] <... mprotect resumed>) = 0 [pid 8554] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8560] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8554] <... futex resumed>) = 0 [pid 8560] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8560] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8558] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8554] <... mmap resumed>) = 0x7f300ac07000 ./strace-static-x86_64: Process 8561 attached [pid 8554] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8560] <... clone3 resumed> => {parent_tid=[8561]}, 88) = 8561 [pid 8554] <... mprotect resumed>) = 0 [pid 8560] rt_sigprocmask(SIG_SETMASK, [], [pid 8554] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8560] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8554] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8560] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8562 attached [pid 8560] <... futex resumed>) = 0 [pid 8560] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8554] <... clone3 resumed> => {parent_tid=[8562]}, 88) = 8562 [pid 8558] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8554] ???( [pid 8561] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8561] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8561] rt_sigprocmask(SIG_SETMASK, [], [pid 8554] <... ??? resumed>) = ? [pid 8562] +++ killed by SIGSEGV +++ [pid 8561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8561] memfd_create("syzkaller", 0 [pid 8558] +++ killed by SIGSEGV +++ [pid 8554] +++ killed by SIGSEGV +++ [pid 8553] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8556] +++ killed by SIGSEGV +++ [pid 8552] +++ killed by SIGSEGV +++ [pid 8553] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8554, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8553] <... futex resumed>) = 0 [pid 8553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8552, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8561] <... memfd_create resumed>) = 3 [pid 8553] <... mmap resumed>) = 0x7f300ac07000 [pid 5831] umount2("./238", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8553] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8553] <... mprotect resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] umount2("./236", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8561] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8553] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8553] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8561] <... write resumed>) = 131072 [pid 8553] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5831] newfstatat(3, "", [pid 5830] openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8553] <... clone3 resumed> => {parent_tid=[8563]}, 88) = 8563 [pid 8555] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8553] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8553] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8555] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8553] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] getdents64(3, [pid 8553] <... futex resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 8553] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8555] <... mmap resumed>) = 0x7f300ac07000 [pid 5831] umount2("./238/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 8555] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5830] umount2("./236/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8564 attached [pid 8555] <... clone3 resumed> => {parent_tid=[8564]}, 88) = 8564 [pid 5831] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 8563 attached [pid 8555] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... umount2 resumed>) = 0 [ 215.443395][ T8558] exFAT-fs (loop0): Filesystem has been set read-only [ 215.455794][ T8559] exFAT-fs (loop4): error, data size is invalid(9000) [ 215.456353][ T8557] exFAT-fs (loop2): Filesystem has been set read-only [ 215.485767][ T8559] exFAT-fs (loop4): Filesystem has been set read-only [pid 8561] munmap(0x7f3002800000, 138412032 [pid 8555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8563] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8561] <... munmap resumed>) = 0 [pid 5831] umount2("./238/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./236/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8564] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8555] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8563] <... rseq resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./238/file1", [pid 5830] newfstatat(AT_FDCWD, "./236/file1", [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8564] <... rseq resumed>) = 0 [pid 8563] set_robust_list(0x7f300ac279a0, 24 [pid 8559] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8555] <... futex resumed>) = 0 [pid 5831] umount2("./238/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8564] set_robust_list(0x7f300ac279a0, 24 [pid 8563] <... set_robust_list resumed>) = 0 [pid 8561] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8559] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8555] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./236/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8563] rt_sigprocmask(SIG_SETMASK, [], [pid 8561] <... openat resumed>) = 4 [pid 5831] openat(AT_FDCWD, "./238/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8564] <... set_robust_list resumed>) = ? [pid 8561] ioctl(4, LOOP_SET_FD, 3 [pid 8555] <... futex resumed>) = ? [pid 8564] +++ killed by SIGSEGV +++ [pid 8563] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8559] +++ killed by SIGSEGV +++ [pid 8557] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8555] +++ killed by SIGSEGV +++ [pid 5831] <... openat resumed>) = 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8555, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5831] newfstatat(4, "", [pid 5830] openat(AT_FDCWD, "./236/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8563] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8557] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", [pid 5834] umount2("./235", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(4, [pid 5830] getdents64(4, [pid 5834] openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8553] <... futex resumed>) = ? [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 5834] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8563] <... ioctl resumed>) = ? [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] close(4 [pid 8563] +++ killed by SIGSEGV +++ [pid 5830] <... close resumed>) = 0 [pid 5834] newfstatat(3, "", [pid 5831] getdents64(4, [pid 5830] rmdir("./236/file1" [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5834] getdents64(3, [pid 5831] close(4 [pid 5830] umount2("./236/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... close resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./236/binderfs", [pid 5834] umount2("./235/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./238/file1" [pid 8561] <... ioctl resumed>) = 0 [pid 8557] +++ killed by SIGSEGV +++ [pid 8553] +++ killed by SIGSEGV +++ [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8553, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5831] umount2("./238/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] unlink("./236/binderfs" [pid 5834] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... unlink resumed>) = 0 [pid 5834] umount2("./235/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./231", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./238/binderfs", [pid 5830] getdents64(3, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8561] close(3) = 0 [pid 8561] close(4) = 0 [pid 8561] mkdir("./file1", 0777) = 0 [pid 8561] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5830] close(3 [pid 5832] <... openat resumed>) = 3 [pid 5831] unlink("./238/binderfs" [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./236" [pid 5831] <... unlink resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5831] getdents64(3, [pid 5830] <... rmdir resumed>) = 0 [ 215.522523][ T8561] loop3: detected capacity change from 0 to 256 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] mkdir("./237", 0777 [pid 5832] getdents64(3, [pid 5831] close(3 [pid 5830] <... mkdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... openat resumed>) = 3 [pid 5831] rmdir("./238" [pid 5832] umount2("./231/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5831] mkdir("./239", 0777 [pid 5830] close(3 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8565 attached , child_tidptr=0x55556b85b690) = 8565 [pid 8565] set_robust_list(0x55556b85b6a0, 24 [pid 5831] <... openat resumed>) = 3 [pid 8565] <... set_robust_list resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 8565] chdir("./237" [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8565] <... chdir resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8566 attached [pid 8565] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] newfstatat(AT_FDCWD, "./235/file1", [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8566 [pid 8565] <... prctl resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./231/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8566] set_robust_list(0x55556b85b6a0, 24 [pid 8565] setpgid(0, 0 [pid 5834] umount2("./235/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8565] <... setpgid resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./231/file1", [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8566] <... set_robust_list resumed>) = 0 [pid 8566] chdir("./239" [pid 8565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] openat(AT_FDCWD, "./235/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8565] <... openat resumed>) = 3 [pid 5834] <... openat resumed>) = 4 [pid 5832] umount2("./231/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8566] <... chdir resumed>) = 0 [pid 8566] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] openat(AT_FDCWD, "./231/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] newfstatat(4, "", [pid 8566] setpgid(0, 0 [pid 5832] <... openat resumed>) = 4 [pid 8566] <... setpgid resumed>) = 0 [pid 8566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8565] write(3, "1000", 4 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program executing program [pid 8565] <... write resumed>) = 4 [pid 5834] getdents64(4, [pid 5832] newfstatat(4, "", [pid 8566] <... openat resumed>) = 3 [pid 8565] close(3 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8565] <... close resumed>) = 0 [pid 5834] getdents64(4, [pid 8566] write(3, "1000", 4 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] getdents64(4, [pid 8565] symlink("/dev/binderfs", "./binderfs" [pid 5834] close(4 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8566] <... write resumed>) = 4 [pid 5834] <... close resumed>) = 0 [pid 5832] getdents64(4, [pid 5834] rmdir("./235/file1" [pid 8566] close(3) = 0 [pid 8566] symlink("/dev/binderfs", "./binderfs" [pid 8565] <... symlink resumed>) = 0 [pid 8566] <... symlink resumed>) = 0 [pid 8566] write(1, "executing program\n", 18 [pid 5834] <... rmdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8565] write(1, "executing program\n", 18 [pid 5834] umount2("./235/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(4 [pid 8566] <... write resumed>) = 18 [pid 8565] <... write resumed>) = 18 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... close resumed>) = 0 [pid 8566] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8565] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] newfstatat(AT_FDCWD, "./235/binderfs", [pid 5832] rmdir("./231/file1" [pid 8566] <... futex resumed>) = 0 [pid 8566] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8566] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 8566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8566] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8566] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8567]}, 88) = 8567 [pid 8566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8566] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8566] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8567 attached [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8565] <... futex resumed>) = 0 [pid 5832] umount2("./231/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8565] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8561] <... mount resumed>) = 0 [pid 5834] unlink("./235/binderfs" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8561] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8567] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8565] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] <... unlink resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./231/binderfs", [pid 8561] <... openat resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8565] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] unlink("./231/binderfs" [pid 8567] <... rseq resumed>) = 0 [pid 5834] getdents64(3, [pid 8561] chdir("./file1" [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8561] <... chdir resumed>) = 0 [pid 8561] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8567] set_robust_list(0x7f300ac489a0, 24 [pid 5832] <... unlink resumed>) = 0 [pid 5834] close(3 [pid 8565] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 215.587251][ T8561] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8567] <... set_robust_list resumed>) = 0 [pid 8565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8561] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] <... close resumed>) = 0 [pid 5832] getdents64(3, [pid 8561] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8560] <... futex resumed>) = 0 [pid 8560] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8560] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8561] <... futex resumed>) = 1 [pid 8561] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] rmdir("./235" [pid 8565] <... mmap resumed>) = 0x7f300ac28000 [pid 5834] <... rmdir resumed>) = 0 [pid 8567] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] close(3 [pid 8565] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5832] <... close resumed>) = 0 [pid 8567] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8565] <... mprotect resumed>) = 0 [pid 8561] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] mkdir("./236", 0777 [pid 5832] rmdir("./231" [pid 8561] <... futex resumed>) = 1 [pid 8560] <... futex resumed>) = 0 [pid 8560] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8561] mkdir("./file2", 0777 [pid 8560] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8567] memfd_create("syzkaller", 0 [pid 8565] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... mkdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 8567] <... memfd_create resumed>) = 3 [pid 8565] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] mkdir("./232", 0777 [pid 8561] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8565] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] <... openat resumed>) = 3 [pid 5832] <... mkdir resumed>) = 0 [pid 8567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8561] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8567] <... mmap resumed>) = 0x7f3002800000 ./strace-static-x86_64: Process 8568 attached [pid 8567] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8560] <... futex resumed>) = ? [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5834] <... ioctl resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5834] close(3 [pid 8565] <... clone3 resumed> => {parent_tid=[8568]}, 88) = 8568 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8565] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... ioctl resumed>) = 0 [pid 8565] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8568] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8565] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8568] <... rseq resumed>) = 0 [pid 8565] <... futex resumed>) = 0 [pid 8567] <... write resumed>) = 131072 [pid 8568] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8568] memfd_create("syzkaller", 0) = 3 [pid 8565] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] <... close resumed>) = 0 [pid 5832] close(3 [pid 8567] munmap(0x7f3002800000, 138412032 [pid 8568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [ 215.661581][ T8561] exFAT-fs (loop3): error, data size is invalid(9000) [ 215.668518][ T8561] exFAT-fs (loop3): Filesystem has been set read-only [pid 8568] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8567] <... munmap resumed>) = 0 [pid 8561] +++ killed by SIGSEGV +++ [pid 8560] +++ killed by SIGSEGV +++ [pid 5832] <... close resumed>) = 0 [pid 8568] <... write resumed>) = 131072 [pid 8567] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8560, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8567] <... openat resumed>) = 4 [pid 8568] munmap(0x7f3002800000, 138412032) = 0 ./strace-static-x86_64: Process 8569 attached [pid 5833] umount2("./237", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8569] set_robust_list(0x55556b85b6a0, 24 [pid 8568] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8569 [pid 8569] <... set_robust_list resumed>) = 0 [pid 8567] ioctl(4, LOOP_SET_FD, 3 [pid 8568] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8570 attached [pid 8568] ioctl(4, LOOP_SET_FD, 3 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8570 [pid 8569] chdir("./232" [pid 8567] <... ioctl resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8569] <... chdir resumed>) = 0 [pid 8567] close(3 [pid 8570] set_robust_list(0x55556b85b6a0, 24 [pid 8569] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8567] <... close resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 8569] <... prctl resumed>) = 0 [pid 8567] close(4 [pid 5833] newfstatat(3, "", [pid 8569] setpgid(0, 0 [pid 8567] <... close resumed>) = 0 [pid 8569] <... setpgid resumed>) = 0 [pid 8570] <... set_robust_list resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8567] mkdir("./file1", 0777 [pid 5833] getdents64(3, [pid 8570] chdir("./236" [pid 8569] <... openat resumed>) = 3 [pid 8567] <... mkdir resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8569] write(3, "1000", 4 [pid 8567] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5833] umount2("./237/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8569] <... write resumed>) = 4 [pid 8570] <... chdir resumed>) = 0 [pid 8569] close(3 [pid 8570] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8569] <... close resumed>) = 0 [pid 8569] symlink("/dev/binderfs", "./binderfs" [pid 8570] <... prctl resumed>) = 0 [pid 8570] setpgid(0, 0) = 0 [pid 8570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8570] write(3, "1000", 4) = 4 [pid 8570] close(3) = 0 [pid 8570] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8570] write(1, "executing program\n", 18executing program ) = 18 [pid 8569] <... symlink resumed>) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 8570] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] umount2("./237/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8569] write(1, "executing program\n", 18 [pid 8570] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8569] <... write resumed>) = 18 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8570] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8570] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8569] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [ 215.746603][ T8567] loop1: detected capacity change from 0 to 256 [ 215.748201][ T8568] loop0: detected capacity change from 0 to 256 [pid 5833] newfstatat(AT_FDCWD, "./237/file1", [pid 8570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8569] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8570] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8570] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8571]}, 88) = 8571 [pid 8570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8570] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8570] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8571 attached [pid 8569] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8568] <... ioctl resumed>) = 0 [pid 5833] umount2("./237/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8571] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8569] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8568] close(3 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8569] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8571] <... rseq resumed>) = 0 [pid 8569] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8568] <... close resumed>) = 0 [pid 8571] set_robust_list(0x7f300ac489a0, 24 [pid 8568] close(4 [pid 8571] <... set_robust_list resumed>) = 0 [pid 8569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8568] <... close resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./237/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8569] <... mmap resumed>) = 0x7f300ac28000 [pid 8571] rt_sigprocmask(SIG_SETMASK, [], [pid 8568] mkdir("./file1", 0777 [pid 5833] <... openat resumed>) = 4 [pid 8571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8569] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8568] <... mkdir resumed>) = 0 [pid 8571] memfd_create("syzkaller", 0 [pid 8569] <... mprotect resumed>) = 0 [pid 8568] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5833] newfstatat(4, "", [pid 8569] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8571] <... memfd_create resumed>) = 3 [pid 8569] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] getdents64(4, [pid 8571] <... mmap resumed>) = 0x7f3002800000 ./strace-static-x86_64: Process 8572 attached [pid 8571] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8569] <... clone3 resumed> => {parent_tid=[8572]}, 88) = 8572 [pid 8572] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8569] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] getdents64(4, [pid 8572] <... rseq resumed>) = 0 [pid 8569] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8567] <... mount resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8572] set_robust_list(0x7f300ac489a0, 24 [pid 8571] <... write resumed>) = 131072 [pid 8569] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8567] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8569] <... futex resumed>) = 0 [pid 8572] <... set_robust_list resumed>) = 0 [pid 8572] rt_sigprocmask(SIG_SETMASK, [], [pid 8569] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8572] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8572] memfd_create("syzkaller", 0 [pid 8567] <... openat resumed>) = 3 [pid 5833] close(4 [pid 8572] <... memfd_create resumed>) = 3 [pid 8567] chdir("./file1" [pid 5833] <... close resumed>) = 0 [pid 8572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8567] <... chdir resumed>) = 0 [pid 5833] rmdir("./237/file1" [pid 8572] <... mmap resumed>) = 0x7f3002800000 [pid 8571] munmap(0x7f3002800000, 138412032) = 0 [pid 8567] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... rmdir resumed>) = 0 [pid 8572] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8571] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8567] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] umount2("./237/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8571] <... openat resumed>) = 4 [pid 8567] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8567] <... futex resumed>) = 1 [pid 5833] newfstatat(AT_FDCWD, "./237/binderfs", [ 215.791952][ T8567] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8567] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8572] <... write resumed>) = 131072 [pid 8571] ioctl(4, LOOP_SET_FD, 3 [pid 8566] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8572] munmap(0x7f3002800000, 138412032 [pid 5833] unlink("./237/binderfs" [pid 8572] <... munmap resumed>) = 0 [pid 8566] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... unlink resumed>) = 0 [pid 8572] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] getdents64(3, [pid 8572] <... openat resumed>) = 4 [pid 8567] <... futex resumed>) = 0 [pid 8566] <... futex resumed>) = 1 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8572] ioctl(4, LOOP_SET_FD, 3 [pid 8567] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8566] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] close(3 [pid 8567] <... openat resumed>) = 4 [pid 8567] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... close resumed>) = 0 [pid 8567] <... futex resumed>) = 1 [pid 8566] <... futex resumed>) = 0 [pid 5833] rmdir("./237" [pid 8567] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8566] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8567] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8566] <... futex resumed>) = 0 [pid 8567] mkdir("./file2", 0777 [pid 8566] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8572] <... ioctl resumed>) = 0 [pid 8571] <... ioctl resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8571] close(3) = 0 [pid 8571] close(4) = 0 [pid 8571] mkdir("./file1", 0777) = 0 [pid 8571] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8568] <... mount resumed>) = 0 [pid 5833] mkdir("./238", 0777) = 0 [ 215.850390][ T8571] loop4: detected capacity change from 0 to 256 [ 215.862149][ T8568] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 215.878709][ T8572] loop2: detected capacity change from 0 to 256 [ 215.885879][ T8567] exFAT-fs (loop1): error, data size is invalid(9000) [pid 8568] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8572] close(3 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8572] <... close resumed>) = 0 [pid 8568] chdir("./file1" [pid 8567] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8566] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... openat resumed>) = 3 [pid 8572] close(4 [pid 8566] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8572] <... close resumed>) = 0 [pid 8566] <... futex resumed>) = 0 [pid 8572] mkdir("./file1", 0777 [pid 8566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] <... ioctl resumed>) = 0 [pid 8568] <... chdir resumed>) = 0 [pid 8566] <... mmap resumed>) = 0x7f300ac07000 [pid 5833] close(3 [pid 8568] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8566] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5833] <... close resumed>) = 0 [pid 8568] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8566] <... mprotect resumed>) = 0 [pid 8568] <... futex resumed>) = 1 [pid 8566] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8565] <... futex resumed>) = 0 [pid 8568] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8565] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8572] <... mkdir resumed>) = 0 [pid 8565] <... futex resumed>) = 0 [pid 8572] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8565] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8568] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8568] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8567] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8566] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8568] <... openat resumed>) = 4 [pid 8568] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8565] <... futex resumed>) = 0 [ 215.913573][ T8567] exFAT-fs (loop1): Filesystem has been set read-only [ 215.921639][ T8571] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 215.951165][ T8568] exFAT-fs (loop0): error, data size is invalid(9000) [pid 8568] mkdir("./file2", 0777 [pid 8565] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8573 attached [pid 8567] +++ killed by SIGSEGV +++ [pid 8566] +++ killed by SIGSEGV +++ [pid 8565] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8573] set_robust_list(0x55556b85b6a0, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8573 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8566, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 8573] <... set_robust_list resumed>) = 0 [pid 5831] umount2("./239", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8573] chdir("./238" [pid 8571] <... mount resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8573] <... chdir resumed>) = 0 [pid 8573] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8571] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8573] <... prctl resumed>) = 0 [pid 8571] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 8573] setpgid(0, 0 [pid 8571] chdir("./file1" [pid 5831] newfstatat(3, "", [pid 8571] <... chdir resumed>) = 0 [pid 8571] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8571] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8570] <... futex resumed>) = 0 [pid 8571] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8570] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 215.958420][ T8568] exFAT-fs (loop0): Filesystem has been set read-only [pid 8571] <... openat resumed>) = 4 [pid 8570] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8573] <... setpgid resumed>) = 0 [pid 8571] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] getdents64(3, [pid 8571] <... futex resumed>) = 1 [pid 8570] <... futex resumed>) = 0 [pid 8570] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8570] <... futex resumed>) = 0 [pid 8570] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8571] mkdir("./file2", 0777 [pid 8573] <... openat resumed>) = 3 [pid 8568] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5831] umount2("./239/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8573] write(3, "1000", 4) = 4 [pid 8573] close(3 [pid 8568] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8573] <... close resumed>) = 0 [pid 8573] symlink("/dev/binderfs", "./binderfs" [pid 8565] <... futex resumed>) = ? [pid 8573] <... symlink resumed>) = 0 [pid 8573] write(1, "executing program\n", 18executing program [pid 8568] +++ killed by SIGSEGV +++ [pid 8565] +++ killed by SIGSEGV +++ [pid 8573] <... write resumed>) = 18 [pid 8573] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8565, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8573] <... futex resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8573] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8573] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 8573] <... mmap resumed>) = 0x7f300ac28000 [pid 8573] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] umount2("./237", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8573] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8573] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] umount2("./239/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8570] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 3 [pid 8573] <... clone3 resumed> => {parent_tid=[8574]}, 88) = 8574 [pid 8570] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8570] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8573] rt_sigprocmask(SIG_SETMASK, [], [pid 8570] <... mprotect resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./239/file1", [pid 5830] newfstatat(3, "", ./strace-static-x86_64: Process 8574 attached [pid 8570] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8573] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] getdents64(3, [pid 5831] umount2("./239/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8570] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8574] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8574] <... rseq resumed>) = 0 [pid 8574] set_robust_list(0x7f300ac489a0, 24 [pid 8570] <... clone3 resumed> => {parent_tid=[8575]}, 88) = 8575 [pid 8574] <... set_robust_list resumed>) = 0 [pid 8573] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8570] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 8575 attached [pid 8574] rt_sigprocmask(SIG_SETMASK, [], [pid 8573] <... futex resumed>) = 0 [pid 8570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] openat(AT_FDCWD, "./239/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] umount2("./237/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8575] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8574] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8573] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8570] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... openat resumed>) = 4 [pid 8575] <... rseq resumed>) = 0 [pid 8574] memfd_create("syzkaller", 0 [pid 8570] <... futex resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 8575] set_robust_list(0x7f300ac279a0, 24 [pid 8574] <... memfd_create resumed>) = 3 [pid 8570] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... umount2 resumed>) = 0 [pid 8575] <... set_robust_list resumed>) = 0 [pid 8574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] umount2("./237/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8575] rt_sigprocmask(SIG_SETMASK, [], [pid 8574] <... mmap resumed>) = 0x7f3002800000 [pid 5831] getdents64(4, [pid 8575] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 216.011757][ T8571] exFAT-fs (loop4): error, data size is invalid(9000) [ 216.037699][ T8572] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 216.041667][ T8571] exFAT-fs (loop4): Filesystem has been set read-only [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8575] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8574] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8572] <... mount resumed>) = 0 [pid 5831] getdents64(4, [pid 5830] newfstatat(AT_FDCWD, "./237/file1", [pid 8575] <... ioctl resumed>) = 0 [pid 8574] <... write resumed>) = 131072 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] close(4 [pid 5830] umount2("./237/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8572] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] rmdir("./239/file1" [pid 5830] openat(AT_FDCWD, "./237/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8575] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8570] <... futex resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 8575] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8574] munmap(0x7f3002800000, 138412032 [pid 5831] umount2("./239/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 4 [pid 8574] <... munmap resumed>) = 0 [pid 8572] <... openat resumed>) = 3 [pid 8571] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8571] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8574] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8572] chdir("./file1" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(4, "", [pid 8572] <... chdir resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./239/binderfs", [pid 8575] <... futex resumed>) = ? [pid 8572] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] unlink("./239/binderfs" [pid 8575] +++ killed by SIGSEGV +++ [pid 8572] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8571] +++ killed by SIGSEGV +++ [pid 8570] +++ killed by SIGSEGV +++ [pid 5831] <... unlink resumed>) = 0 [pid 5830] getdents64(4, [pid 8572] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] getdents64(3, [pid 8574] ioctl(4, LOOP_SET_FD, 3 [pid 8572] <... futex resumed>) = 1 [pid 8569] <... futex resumed>) = 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8570, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8572] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8569] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] close(3 [pid 8569] <... futex resumed>) = 0 [pid 5830] getdents64(4, [pid 8572] <... openat resumed>) = 4 [pid 8569] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8572] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8569] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] rmdir("./239" [pid 5830] close(4 [pid 8572] <... futex resumed>) = 0 [pid 8569] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8572] mkdir("./file2", 0777 [pid 8569] <... futex resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5831] mkdir("./240", 0777 [pid 5830] rmdir("./237/file1" [pid 8569] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] umount2("./236", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5834] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] umount2("./236/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5834] umount2("./236/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./236/file1", [pid 5830] <... rmdir resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] umount2("./237/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] umount2("./236/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5830] newfstatat(AT_FDCWD, "./237/binderfs", [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] openat(AT_FDCWD, "./236/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] close(3 [pid 5834] <... openat resumed>) = 4 [pid 5834] newfstatat(4, "", [pid 5831] <... close resumed>) = 0 [pid 5830] unlink("./237/binderfs" [pid 8574] <... ioctl resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8574] close(3 [pid 5834] getdents64(4, [pid 8574] <... close resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8574] close(4 [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8574] <... close resumed>) = 0 [pid 5834] close(4 [pid 8574] mkdir("./file1", 0777 [pid 5834] <... close resumed>) = 0 [pid 8574] <... mkdir resumed>) = 0 [pid 5834] rmdir("./236/file1") = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... unlink resumed>) = 0 [pid 5830] getdents64(3, [pid 8574] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8576 attached [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8576 [pid 5834] umount2("./236/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] close(3 [pid 8576] set_robust_list(0x55556b85b6a0, 24 [pid 8572] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] newfstatat(AT_FDCWD, "./236/binderfs", [pid 5830] <... close resumed>) = 0 [pid 8576] <... set_robust_list resumed>) = 0 [pid 8572] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] rmdir("./237" [pid 8576] chdir("./240" [pid 5834] unlink("./236/binderfs" [pid 8569] <... futex resumed>) = ? [pid 5830] <... rmdir resumed>) = 0 [pid 5834] <... unlink resumed>) = 0 [pid 5830] mkdir("./238", 0777 [pid 5834] getdents64(3, [pid 5830] <... mkdir resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8576] <... chdir resumed>) = 0 [pid 5834] close(3 [pid 5830] <... openat resumed>) = 3 [pid 8576] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8576] <... prctl resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 5834] rmdir("./236") = 0 [pid 5834] mkdir("./237", 0777 [pid 8572] +++ killed by SIGSEGV +++ [pid 8569] +++ killed by SIGSEGV +++ [pid 5830] <... close resumed>) = 0 [pid 5834] <... mkdir resumed>) = 0 [ 216.114969][ T8574] loop3: detected capacity change from 0 to 256 [ 216.123859][ T8572] exFAT-fs (loop2): error, data size is invalid(9000) [ 216.148677][ T8572] exFAT-fs (loop2): Filesystem has been set read-only [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8576] setpgid(0, 0 [pid 5834] <... openat resumed>) = 3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8576] <... setpgid resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8569, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- ./strace-static-x86_64: Process 8577 attached [pid 8576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5834] ioctl(3, LOOP_CLR_FD) = 0 [pid 8577] set_robust_list(0x55556b85b6a0, 24 [pid 8576] <... openat resumed>) = 3 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8577 [pid 8577] <... set_robust_list resumed>) = 0 [pid 5834] close(3 [pid 8577] chdir("./238" [pid 8576] write(3, "1000", 4 [pid 5832] umount2("./232", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8576] <... write resumed>) = 4 [pid 8577] <... chdir resumed>) = 0 [pid 8576] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8576] <... close resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8577] setpgid(0, 0 [pid 8576] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... openat resumed>) = 3 [pid 8577] <... setpgid resumed>) = 0 [pid 8576] <... symlink resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556b85b690) = 8578 ./strace-static-x86_64: Process 8578 attached [pid 8578] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8578] chdir("./237") = 0 [pid 8578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8578] setpgid(0, 0executing program [pid 8577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8576] write(1, "executing program\n", 18 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8578] <... setpgid resumed>) = 0 [pid 8576] <... write resumed>) = 18 [pid 8578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8577] <... openat resumed>) = 3 [pid 5832] getdents64(3, [pid 8578] <... openat resumed>) = 3 [pid 8576] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8578] write(3, "1000", 4 [pid 8577] write(3, "1000", 4 [pid 8576] <... futex resumed>) = 0 [pid 5832] umount2("./232/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 8578] <... write resumed>) = 4 [pid 8577] <... write resumed>) = 4 [pid 8576] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8574] <... mount resumed>) = 0 [pid 8577] close(3 [pid 8578] close(3 [pid 8577] <... close resumed>) = 0 [pid 8576] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8578] <... close resumed>) = 0 [pid 8578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8578] write(1, "executing program\n", 18) = 18 [pid 8578] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8578] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8578] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8574] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8578] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8574] <... openat resumed>) = 3 [pid 8578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8576] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8578] <... mmap resumed>) = 0x7f300ac28000 [pid 8576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8574] chdir("./file1" [pid 8578] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [ 216.185749][ T8574] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8577] symlink("/dev/binderfs", "./binderfs" [pid 8576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8578] <... mprotect resumed>) = 0 [pid 8574] <... chdir resumed>) = 0 [pid 8578] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8576] <... mmap resumed>) = 0x7f300ac28000 [pid 8574] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8578] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8577] <... symlink resumed>) = 0 [pid 8576] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8574] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./232/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8576] <... mprotect resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8578] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8574] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8576] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] newfstatat(AT_FDCWD, "./232/file1", ./strace-static-x86_64: Process 8579 attached [pid 8574] <... futex resumed>) = 1 [pid 8573] <... futex resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8578] <... clone3 resumed> => {parent_tid=[8579]}, 88) = 8579 [pid 8576] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8574] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8573] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./232/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8579] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8578] rt_sigprocmask(SIG_SETMASK, [], [pid 8577] write(1, "executing program\n", 18 [pid 8576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8573] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8579] <... rseq resumed>) = 0 [pid 8573] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] openat(AT_FDCWD, "./232/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", [pid 8574] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 8580 attached [pid 8579] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8578] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8579] rt_sigprocmask(SIG_SETMASK, [], [pid 8578] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8579] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8578] <... futex resumed>) = 0 executing program [pid 8579] memfd_create("syzkaller", 0 [pid 8578] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8580] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8577] <... write resumed>) = 18 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8577] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8580] <... rseq resumed>) = 0 [pid 5832] getdents64(4, [pid 8576] <... clone3 resumed> => {parent_tid=[8580]}, 88) = 8580 [pid 8574] <... openat resumed>) = 4 [pid 8580] set_robust_list(0x7f300ac489a0, 24 [pid 8579] <... memfd_create resumed>) = 3 [pid 8576] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8580] <... set_robust_list resumed>) = 0 [pid 8579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8574] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(4, [pid 8576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8580] rt_sigprocmask(SIG_SETMASK, [], [pid 8579] <... mmap resumed>) = 0x7f3002800000 [pid 8574] <... futex resumed>) = 1 [pid 8573] <... futex resumed>) = 0 [pid 8580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8579] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8577] <... futex resumed>) = 0 [pid 8576] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8574] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8573] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8577] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8576] <... futex resumed>) = 0 [pid 5832] close(4 [pid 8577] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8576] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8573] <... futex resumed>) = 0 [pid 8580] memfd_create("syzkaller", 0 [pid 8577] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8573] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8577] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8574] mkdir("./file2", 0777 [pid 5832] <... close resumed>) = 0 [pid 8580] <... memfd_create resumed>) = 3 [pid 8577] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] rmdir("./232/file1" [pid 8580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8577] <... mmap resumed>) = 0x7f300ac28000 [pid 8577] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8580] <... mmap resumed>) = 0x7f3002800000 [pid 8577] <... mprotect resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 8579] <... write resumed>) = 131072 [pid 8577] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8579] munmap(0x7f3002800000, 138412032 [pid 8580] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8579] <... munmap resumed>) = 0 [pid 5832] umount2("./232/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8577] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8579] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8577] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8581 attached [pid 8580] <... write resumed>) = 131072 [pid 8579] <... openat resumed>) = 4 [pid 5832] newfstatat(AT_FDCWD, "./232/binderfs", [pid 8579] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8581] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8580] munmap(0x7f3002800000, 138412032 [pid 8577] <... clone3 resumed> => {parent_tid=[8581]}, 88) = 8581 [pid 5832] unlink("./232/binderfs" [pid 8581] <... rseq resumed>) = 0 [pid 8580] <... munmap resumed>) = 0 [pid 8577] rt_sigprocmask(SIG_SETMASK, [], [pid 8573] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] <... unlink resumed>) = 0 [pid 8573] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8581] set_robust_list(0x7f300ac489a0, 24 [pid 8580] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8577] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] getdents64(3, [pid 8581] <... set_robust_list resumed>) = 0 [pid 8580] <... openat resumed>) = 4 [pid 8581] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8581] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8577] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] close(3 [pid 8580] ioctl(4, LOOP_SET_FD, 3 [pid 8581] memfd_create("syzkaller", 0 [pid 8573] <... mmap resumed>) = 0x7f300ac07000 [ 216.275954][ T8574] exFAT-fs (loop3): error, data size is invalid(9000) [ 216.303866][ T8579] loop4: detected capacity change from 0 to 256 [ 216.314375][ T8574] exFAT-fs (loop3): Filesystem has been set read-only [pid 8573] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8573] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8582 attached => {parent_tid=[8582]}, 88) = 8582 [pid 8573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8573] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8573] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8582] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8581] <... memfd_create resumed>) = 3 [pid 8580] <... ioctl resumed>) = 0 [pid 8577] <... futex resumed>) = 0 [pid 8574] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] <... close resumed>) = 0 [pid 8582] <... rseq resumed>) = 0 [pid 8581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8580] close(3 [pid 8577] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8574] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] rmdir("./232" [pid 8581] <... mmap resumed>) = 0x7f3002800000 [pid 8580] <... close resumed>) = 0 [pid 8579] <... ioctl resumed>) = 0 [pid 8581] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8580] close(4 [pid 8579] close(3 [pid 8573] <... futex resumed>) = ? [pid 5832] <... rmdir resumed>) = 0 [pid 8580] <... close resumed>) = 0 [pid 8582] +++ killed by SIGSEGV +++ [pid 8580] mkdir("./file1", 0777 [pid 8579] <... close resumed>) = 0 [pid 8579] close(4) = 0 [pid 8579] mkdir("./file1", 0777 [pid 8580] <... mkdir resumed>) = 0 [pid 8579] <... mkdir resumed>) = 0 [ 216.332617][ T8580] loop1: detected capacity change from 0 to 256 [pid 8580] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8581] <... write resumed>) = 131072 [pid 8579] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5832] mkdir("./233", 0777 [pid 8574] +++ killed by SIGSEGV +++ [pid 8573] +++ killed by SIGSEGV +++ [pid 8581] munmap(0x7f3002800000, 138412032 [pid 5832] <... mkdir resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8573, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5833] umount2("./238", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8581] <... munmap resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] newfstatat(3, "", [pid 8581] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8580] <... mount resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... openat resumed>) = 3 [pid 8581] <... openat resumed>) = 4 [pid 5833] getdents64(3, [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8581] ioctl(4, LOOP_SET_FD, 3 [pid 8580] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] <... ioctl resumed>) = 0 [ 216.374280][ T8580] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 216.407574][ T8579] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8580] <... openat resumed>) = 3 [pid 5833] umount2("./238/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(3 [pid 8580] chdir("./file1" [pid 5832] <... close resumed>) = 0 [pid 8580] <... chdir resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8580] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 8583 attached [pid 8581] <... ioctl resumed>) = 0 [pid 8580] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8579] <... mount resumed>) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8583 [pid 8580] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] umount2("./238/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8580] <... futex resumed>) = 1 [pid 8580] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8576] <... futex resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8576] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(AT_FDCWD, "./238/file1", [pid 8580] <... futex resumed>) = 0 [pid 8576] <... futex resumed>) = 1 [pid 8580] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8576] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./238/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8580] <... openat resumed>) = 4 [pid 8580] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8580] <... futex resumed>) = 1 [pid 8576] <... futex resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./238/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8580] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8576] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8576] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 4 [pid 8583] set_robust_list(0x55556b85b6a0, 24 [ 216.422263][ T8581] loop0: detected capacity change from 0 to 256 [pid 8580] mkdir("./file2", 0777 [pid 8583] <... set_robust_list resumed>) = 0 [pid 8581] close(3 [pid 8579] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8576] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] newfstatat(4, "", [pid 8583] chdir("./233" [pid 8581] <... close resumed>) = 0 [pid 8579] <... openat resumed>) = 3 [pid 8583] <... chdir resumed>) = 0 [pid 8583] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8581] close(4 [pid 8579] chdir("./file1" [pid 8583] <... prctl resumed>) = 0 [pid 8581] <... close resumed>) = 0 [pid 8579] <... chdir resumed>) = 0 [pid 8583] setpgid(0, 0 [pid 8581] mkdir("./file1", 0777 [pid 8579] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8583] <... setpgid resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, [pid 8583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8581] <... mkdir resumed>) = 0 [pid 8579] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8579] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8579] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8583] <... openat resumed>) = 3 [pid 8581] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8583] write(3, "1000", 4 [pid 8578] <... futex resumed>) = 0 [pid 8583] <... write resumed>) = 4 [pid 8578] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8583] close(3 [pid 8579] <... futex resumed>) = 0 [pid 8578] <... futex resumed>) = 1 [pid 8583] <... close resumed>) = 0 [pid 8579] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8578] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8583] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8580] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8583] write(1, "executing program\n", 18executing program ) = 18 [pid 8580] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8579] <... openat resumed>) = 4 [pid 5833] close(4 [pid 8583] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... close resumed>) = 0 [pid 8583] <... futex resumed>) = 0 [pid 8576] <... futex resumed>) = ? [pid 8583] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8579] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] rmdir("./238/file1" [pid 8583] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8583] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8579] <... futex resumed>) = 1 [pid 8578] <... futex resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8579] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8578] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] umount2("./238/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8583] <... mmap resumed>) = 0x7f300ac28000 [pid 8579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8578] <... futex resumed>) = 0 [pid 8580] +++ killed by SIGSEGV +++ [pid 8578] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8576] +++ killed by SIGSEGV +++ [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8583] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8579] mkdir("./file2", 0777 [pid 5833] newfstatat(AT_FDCWD, "./238/binderfs", [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8576, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 216.455111][ T8580] exFAT-fs (loop1): error, data size is invalid(9000) [ 216.473429][ T8580] exFAT-fs (loop1): Filesystem has been set read-only [pid 8583] <... mprotect resumed>) = 0 [pid 5833] unlink("./238/binderfs" [pid 8583] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] umount2("./240", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8583] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8583] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] <... unlink resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] getdents64(3, [pid 5831] openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8584 attached [pid 8583] <... clone3 resumed> => {parent_tid=[8584]}, 88) = 8584 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8583] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5833] close(3 [pid 5831] newfstatat(3, "", [pid 8584] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8583] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] <... close resumed>) = 0 [pid 8584] <... rseq resumed>) = 0 [pid 8583] <... futex resumed>) = 0 [pid 5833] rmdir("./238" [pid 5831] getdents64(3, [pid 8584] set_robust_list(0x7f300ac489a0, 24 [pid 8583] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8584] <... set_robust_list resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5831] umount2("./240/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8584] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] mkdir("./239", 0777 [pid 8584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 8584] memfd_create("syzkaller", 0) = 3 [pid 8584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8584] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] <... umount2 resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5831] umount2("./240/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8584] <... write resumed>) = 131072 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... ioctl resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./240/file1", [ 216.496781][ T8579] exFAT-fs (loop4): error, data size is invalid(9000) [ 216.524923][ T8579] exFAT-fs (loop4): Filesystem has been set read-only [ 216.531851][ T8581] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8584] munmap(0x7f3002800000, 138412032) = 0 [pid 5833] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8578] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8578] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8584] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8578] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8584] ioctl(4, LOOP_SET_FD, 3 [pid 8578] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] umount2("./240/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8578] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8578] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5833] <... close resumed>) = 0 [pid 8578] <... clone3 resumed> => {parent_tid=[8585]}, 88) = 8585 ./strace-static-x86_64: Process 8585 attached [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8585] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 5831] openat(AT_FDCWD, "./240/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5831] <... openat resumed>) = 4 [pid 8578] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8578] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] newfstatat(4, "", [pid 8579] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8579] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8585] <... rseq resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] getdents64(4, [pid 8584] <... ioctl resumed>) = 0 [pid 8584] close(3) = 0 [pid 8584] close(4) = 0 [pid 8584] mkdir("./file1", 0777 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8584] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8586 attached [pid 8581] <... mount resumed>) = 0 [pid 8578] <... futex resumed>) = ? [pid 5831] getdents64(4, [pid 8585] +++ killed by SIGSEGV +++ [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8586 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 8584] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./240/file1" [pid 8581] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8579] +++ killed by SIGSEGV +++ [pid 8578] +++ killed by SIGSEGV +++ [pid 5831] <... rmdir resumed>) = 0 [pid 8581] chdir("./file1" [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8578, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5831] umount2("./240/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8581] <... chdir resumed>) = 0 [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./240/binderfs", [pid 8581] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8586] set_robust_list(0x55556b85b6a0, 24 [pid 8581] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] unlink("./240/binderfs" [pid 8586] <... set_robust_list resumed>) = 0 [pid 8581] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8586] chdir("./239" [pid 8581] <... futex resumed>) = 1 [pid 8577] <... futex resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 8581] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8577] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] <... restart_syscall resumed>) = 0 [pid 5831] getdents64(3, [pid 8577] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8581] <... openat resumed>) = 4 [pid 5831] close(3 [pid 5834] umount2("./237", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... close resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] rmdir("./240" [pid 5834] openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8586] <... chdir resumed>) = 0 [pid 8581] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8586] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8581] <... futex resumed>) = 1 [pid 8577] <... futex resumed>) = 0 [pid 8586] <... prctl resumed>) = 0 [pid 8577] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... rmdir resumed>) = 0 [pid 8586] setpgid(0, 0 [pid 8581] mkdir("./file2", 0777 [pid 8577] <... futex resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5831] mkdir("./241", 0777 [pid 8586] <... setpgid resumed>) = 0 [ 216.552135][ T8584] loop2: detected capacity change from 0 to 256 [pid 8577] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] newfstatat(3, "", [pid 8586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... mkdir resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8586] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5834] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] ioctl(3, LOOP_CLR_FDexecuting program [pid 5834] umount2("./237/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3 [pid 8586] write(3, "1000", 4) = 4 [pid 8586] close(3) = 0 [pid 8586] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8586] write(1, "executing program\n", 18) = 18 [pid 5831] <... close resumed>) = 0 [pid 8586] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8586] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8586] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8586] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8586] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8586] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8586] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8587]}, 88) = 8587 [pid 8586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8586] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8586] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] <... umount2 resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5834] umount2("./237/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./237/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./237/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./237/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 8588 attached [pid 5834] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(4, [pid 8588] set_robust_list(0x55556b85b6a0, 24 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8588] <... set_robust_list resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8588 [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4./strace-static-x86_64: Process 8587 attached [pid 8588] chdir("./241" [pid 8584] <... mount resumed>) = 0 [pid 8581] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8577] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8587] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8581] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8577] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... close resumed>) = 0 [pid 8588] <... chdir resumed>) = 0 [pid 8587] <... rseq resumed>) = 0 [pid 8577] <... futex resumed>) = ? [pid 5834] rmdir("./237/file1" [pid 8587] set_robust_list(0x7f300ac489a0, 24 [pid 8581] +++ killed by SIGSEGV +++ [pid 8577] +++ killed by SIGSEGV +++ [pid 8588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8587] <... set_robust_list resumed>) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8577, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8588] setpgid(0, 0 [pid 8584] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8588] <... setpgid resumed>) = 0 [pid 8587] rt_sigprocmask(SIG_SETMASK, [], [pid 8584] <... openat resumed>) = 3 [pid 5834] umount2("./237/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8587] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8584] chdir("./file1" [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8587] memfd_create("syzkaller", 0 [pid 8584] <... chdir resumed>) = 0 [pid 8587] <... memfd_create resumed>) = 3 [pid 5834] newfstatat(AT_FDCWD, "./237/binderfs", [pid 8588] <... openat resumed>) = 3 [pid 8587] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8588] write(3, "1000", 4 [pid 8587] <... mmap resumed>) = 0x7f3002800000 [pid 8584] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5834] unlink("./237/binderfs" [pid 8588] <... write resumed>) = 4 [pid 8587] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8584] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... restart_syscall resumed>) = 0 [pid 8588] close(3) = 0 [pid 8587] <... write resumed>) = 131072 [pid 8584] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... unlink resumed>) = 0 [pid 8584] <... futex resumed>) = 1 [ 216.599814][ T8581] exFAT-fs (loop0): error, data size is invalid(9000) [ 216.619764][ T8584] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 216.636686][ T8581] exFAT-fs (loop0): Filesystem has been set read-only [pid 8583] <... futex resumed>) = 0 [pid 5834] getdents64(3, [pid 8588] symlink("/dev/binderfs", "./binderfs" [pid 8584] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8583] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] umount2("./238", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8588] <... symlink resumed>) = 0 [pid 8584] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8587] munmap(0x7f3002800000, 138412032 [pid 8584] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8583] <... futex resumed>) = 0 [pid 5834] close(3 [pid 5830] openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8588] write(1, "executing program\n", 18 [pid 8587] <... munmap resumed>) = 0 [pid 8584] <... openat resumed>) = 4 [pid 8583] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... close resumed>) = 0 executing program [pid 5830] <... openat resumed>) = 3 [pid 8588] <... write resumed>) = 18 [pid 5830] newfstatat(3, "", [pid 5834] rmdir("./237" [pid 8588] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8587] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8588] <... futex resumed>) = 0 [pid 8587] <... openat resumed>) = 4 [pid 8584] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] mkdir("./238", 0777 [pid 5830] getdents64(3, [pid 8588] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8588] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] umount2("./238/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8588] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8584] <... futex resumed>) = 1 [pid 8583] <... futex resumed>) = 0 [pid 5834] <... mkdir resumed>) = 0 [pid 8588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8583] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8588] <... mmap resumed>) = 0x7f300ac28000 [pid 8587] ioctl(4, LOOP_SET_FD, 3 [pid 8583] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8588] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8584] mkdir("./file2", 0777 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 8588] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./238/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... ioctl resumed>) = 0 [pid 5834] close(3 [pid 8588] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5830] newfstatat(AT_FDCWD, "./238/file1", [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8588] <... clone3 resumed> => {parent_tid=[8589]}, 88) = 8589 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8590 attached [pid 8588] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] umount2("./238/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8588] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8590 [pid 8588] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8590] set_robust_list(0x55556b85b6a0, 24 [pid 8588] <... futex resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8590] <... set_robust_list resumed>) = 0 [pid 8588] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8587] <... ioctl resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./238/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8589 attached ) = 4 [pid 8587] close(3 [pid 5830] newfstatat(4, "", [pid 8590] chdir("./238" [pid 8587] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8590] <... chdir resumed>) = 0 [pid 8587] close(4 [pid 5830] getdents64(4, [pid 8589] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8587] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8587] mkdir("./file1", 0777 [pid 5830] getdents64(4, [pid 8590] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8589] <... rseq resumed>) = 0 [pid 8587] <... mkdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8590] <... prctl resumed>) = 0 [pid 8589] set_robust_list(0x7f300ac489a0, 24 [pid 5830] close(4 [pid 8589] <... set_robust_list resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8590] setpgid(0, 0 [pid 5830] rmdir("./238/file1" [pid 8590] <... setpgid resumed>) = 0 [pid 8590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8589] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... rmdir resumed>) = 0 [pid 8589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8590] <... openat resumed>) = 3 [pid 8589] memfd_create("syzkaller", 0 [pid 8587] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5830] umount2("./238/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8589] <... memfd_create resumed>) = 3 [pid 8589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./238/binderfs", [pid 8590] write(3, "1000", 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8590] <... write resumed>) = 4 [pid 5830] unlink("./238/binderfs" [pid 8590] close(3) = 0 [pid 8589] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5830] <... unlink resumed>) = 0 [pid 8590] symlink("/dev/binderfs", "./binderfs" [pid 5830] getdents64(3, [pid 8590] <... symlink resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8583] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8583] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8583] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8583] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8583] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8591 attached [pid 8589] <... write resumed>) = 131072 [pid 8583] <... clone3 resumed> => {parent_tid=[8591]}, 88) = 8591 [pid 8583] rt_sigprocmask(SIG_SETMASK, [], [pid 8591] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8583] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8591] <... rseq resumed>) = 0 [pid 8590] write(1, "executing program\n", 18 [pid 8583] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 5830] close(3 [pid 8591] set_robust_list(0x7f300ac279a0, 24 [pid 8590] <... write resumed>) = 18 [pid 8589] munmap(0x7f3002800000, 138412032 [pid 8584] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8583] <... futex resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8591] <... set_robust_list resumed>) = 0 [pid 8590] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8583] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] rmdir("./238" [pid 8591] rt_sigprocmask(SIG_SETMASK, [], [pid 8590] <... futex resumed>) = 0 [pid 8589] <... munmap resumed>) = 0 [pid 8584] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5830] <... rmdir resumed>) = 0 [pid 8591] <... rt_sigprocmask resumed> ) = ? [pid 8590] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8583] <... futex resumed>) = ? [pid 8591] +++ killed by SIGSEGV +++ [pid 8590] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8589] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] mkdir("./239", 0777 [pid 8590] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8589] <... openat resumed>) = 4 [pid 8590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 8590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [ 216.698345][ T8587] loop3: detected capacity change from 0 to 256 [ 216.719792][ T8584] exFAT-fs (loop2): error, data size is invalid(9000) [ 216.731960][ T8584] exFAT-fs (loop2): Filesystem has been set read-only [pid 8590] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8589] ioctl(4, LOOP_SET_FD, 3 [pid 8590] <... mprotect resumed>) = 0 [pid 8584] +++ killed by SIGSEGV +++ [pid 8583] +++ killed by SIGSEGV +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8583, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5832] umount2("./233", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8590] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... openat resumed>) = 3 [pid 8590] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8589] <... ioctl resumed>) = 0 [pid 5832] getdents64(3, [pid 8589] close(3 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8592 attached [pid 8590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8589] <... close resumed>) = 0 [pid 5832] umount2("./233/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8592] set_robust_list(0x55556b85b6a0, 24 [pid 8589] close(4 [pid 8587] <... mount resumed>) = 0 [pid 8592] <... set_robust_list resumed>) = 0 [pid 8589] <... close resumed>) = 0 [pid 8590] <... clone3 resumed> => {parent_tid=[8593]}, 88) = 8593 [pid 8589] mkdir("./file1", 0777./strace-static-x86_64: Process 8593 attached [pid 8592] chdir("./239" [pid 8590] rt_sigprocmask(SIG_SETMASK, [], [pid 8589] <... mkdir resumed>) = 0 [pid 8587] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8592 [pid 8593] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8592] <... chdir resumed>) = 0 [pid 8590] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8589] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8593] <... rseq resumed>) = 0 [pid 8587] <... openat resumed>) = 3 [pid 8593] set_robust_list(0x7f300ac489a0, 24 [pid 8592] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8590] <... futex resumed>) = 0 [pid 5832] umount2("./233/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8593] <... set_robust_list resumed>) = 0 [pid 8590] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8593] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8593] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] newfstatat(AT_FDCWD, "./233/file1", [pid 8593] memfd_create("syzkaller", 0 [pid 8592] <... prctl resumed>) = 0 [pid 8587] chdir("./file1" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8592] setpgid(0, 0 [pid 8587] <... chdir resumed>) = 0 [pid 8592] <... setpgid resumed>) = 0 [pid 8587] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8592] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8587] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8587] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8586] <... futex resumed>) = 0 [pid 8592] <... openat resumed>) = 3 [pid 8587] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8586] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 216.776401][ T8589] loop1: detected capacity change from 0 to 256 [ 216.787329][ T8587] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8586] <... futex resumed>) = 0 [pid 8593] <... memfd_create resumed>) = 3 [pid 8587] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8586] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] umount2("./233/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8592] write(3, "1000", 4) = 4 [pid 8587] <... openat resumed>) = 4 [pid 8592] close(3) = 0 [pid 8592] symlink("/dev/binderfs", "./binderfs" [pid 8587] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8586] <... futex resumed>) = 0 [pid 8586] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8586] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8593] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8592] <... symlink resumed>) = 0 [pid 8593] <... mmap resumed>) = 0x7f3002800000 [pid 8587] mkdir("./file2", 0777 [pid 8593] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8592] write(1, "executing program\n", 18 [pid 5832] openat(AT_FDCWD, "./233/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program ) = 4 [pid 8593] <... write resumed>) = 131072 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8592] <... write resumed>) = 18 [pid 8593] munmap(0x7f3002800000, 138412032 [pid 8592] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(4, [pid 8592] <... futex resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8592] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8593] <... munmap resumed>) = 0 [pid 8592] <... rt_sigaction resumed>NULL, 8) = 0 [ 216.849075][ T8589] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 216.866576][ T8587] exFAT-fs (loop3): error, data size is invalid(9000) [pid 8593] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8592] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] getdents64(4, [pid 8592] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8592] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8592] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8593] <... openat resumed>) = 4 [pid 8592] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8592] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8592] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8594]}, 88) = 8594 [pid 8592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8593] ioctl(4, LOOP_SET_FD, 3 [pid 8586] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] close(4 [pid 8586] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8586] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8592] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8586] <... mmap resumed>) = 0x7f300ac07000 [pid 8592] <... futex resumed>) = 0 [pid 8586] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8592] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8586] <... mprotect resumed>) = 0 [pid 8586] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8586] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8594 attached => {parent_tid=[8595]}, 88) = 8595 [pid 8586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8586] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8586] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8594] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8589] <... mount resumed>) = 0 ./strace-static-x86_64: Process 8595 attached [pid 8594] <... rseq resumed>) = 0 [pid 8594] set_robust_list(0x7f300ac489a0, 24 [pid 8589] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8594] <... set_robust_list resumed>) = 0 [pid 8589] <... openat resumed>) = 3 [pid 8594] rt_sigprocmask(SIG_SETMASK, [], [pid 8589] chdir("./file1" [pid 8595] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8589] <... chdir resumed>) = 0 [pid 8595] <... rseq resumed>) = 0 [pid 8594] memfd_create("syzkaller", 0 [pid 8589] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8595] set_robust_list(0x7f300ac279a0, 24 [pid 8594] <... memfd_create resumed>) = 3 [pid 8593] <... ioctl resumed>) = 0 [pid 8589] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... close resumed>) = 0 [pid 8595] <... set_robust_list resumed>) = 0 [pid 8594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8589] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] rmdir("./233/file1" [pid 8595] rt_sigprocmask(SIG_SETMASK, [], [pid 8594] <... mmap resumed>) = 0x7f3002800000 [pid 8589] <... futex resumed>) = 1 [pid 8595] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8594] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8589] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8595] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5832] <... rmdir resumed>) = 0 [pid 8595] <... ioctl resumed>) = 0 [pid 5832] umount2("./233/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8595] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8588] <... futex resumed>) = 0 [pid 8595] <... futex resumed>) = 1 [pid 8586] <... futex resumed>) = 0 [pid 8595] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8588] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8589] <... futex resumed>) = 0 [pid 8588] <... futex resumed>) = 1 [pid 5832] newfstatat(AT_FDCWD, "./233/binderfs", [pid 8589] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8588] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8594] <... write resumed>) = 131072 [pid 8589] <... openat resumed>) = 4 [pid 5832] unlink("./233/binderfs" [pid 8589] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8588] <... futex resumed>) = 0 [pid 8589] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8588] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8588] <... futex resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 8588] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8594] munmap(0x7f3002800000, 138412032 [pid 8589] mkdir("./file2", 0777 [pid 8587] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] getdents64(3, [pid 8594] <... munmap resumed>) = 0 [pid 8593] close(3 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8593] <... close resumed>) = 0 [pid 5832] close(3 [pid 8594] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... close resumed>) = 0 [pid 8594] <... openat resumed>) = 4 [ 216.892986][ T8587] exFAT-fs (loop3): Filesystem has been set read-only [ 216.901110][ T8593] loop4: detected capacity change from 0 to 256 [ 216.926515][ T8589] exFAT-fs (loop1): error, data size is invalid(9000) [pid 5832] rmdir("./233" [pid 8594] ioctl(4, LOOP_SET_FD, 3 [pid 8593] close(4 [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./234", 0777 [pid 8593] <... close resumed>) = 0 [pid 8587] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] <... mkdir resumed>) = 0 [pid 8593] mkdir("./file1", 0777 [pid 8595] <... futex resumed>) = ? [pid 8595] +++ killed by SIGSEGV +++ [pid 8593] <... mkdir resumed>) = 0 [pid 8587] +++ killed by SIGSEGV +++ [pid 8586] +++ killed by SIGSEGV +++ [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8594] <... ioctl resumed>) = 0 [pid 8593] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8589] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8594] close(3 [pid 8589] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8586, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5832] <... ioctl resumed>) = 0 [pid 5832] close(3 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8588] <... futex resumed>) = ? [pid 5832] <... close resumed>) = 0 [pid 8594] <... close resumed>) = 0 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8594] close(4 [pid 5833] umount2("./239", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8594] <... close resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8594] mkdir("./file1", 0777 [pid 5833] openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8594] <... mkdir resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5833] newfstatat(3, "", [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8596 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 8596 attached [pid 8594] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8589] +++ killed by SIGSEGV +++ [pid 8588] +++ killed by SIGSEGV +++ [pid 5833] umount2("./239/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8588, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5833] umount2("./239/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8596] set_robust_list(0x55556b85b6a0, 24 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8596] <... set_robust_list resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./239/file1", [pid 8596] chdir("./234" [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8596] <... chdir resumed>) = 0 [pid 5833] umount2("./239/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8596] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8596] <... prctl resumed>) = 0 [ 216.939530][ T8594] loop0: detected capacity change from 0 to 256 [ 216.953781][ T8589] exFAT-fs (loop1): Filesystem has been set read-only [pid 5833] openat(AT_FDCWD, "./239/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8596] setpgid(0, 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 8596] <... setpgid resumed>) = 0 [pid 8596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] <... openat resumed>) = 4 [pid 8596] write(3, "1000", 4 [pid 5833] newfstatat(4, "", [pid 8596] <... write resumed>) = 4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8596] close(3 [pid 5833] getdents64(4, [pid 8596] <... close resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8596] symlink("/dev/binderfs", "./binderfs" [pid 5833] getdents64(4, [pid 8596] <... symlink resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./239/file1") = 0 [pid 5831] umount2("./241", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8596] write(1, "executing program\n", 18executing program [pid 5833] umount2("./239/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8596] <... write resumed>) = 18 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8596] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8593] <... mount resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8593] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", [pid 8596] <... futex resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8596] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8593] chdir("./file1" [pid 5831] getdents64(3, [pid 8596] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] newfstatat(AT_FDCWD, "./239/binderfs", [pid 8596] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] unlink("./239/binderfs" [pid 8596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] <... unlink resumed>) = 0 [pid 8593] <... chdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] getdents64(3, [pid 5831] umount2("./241/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8593] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8596] <... mmap resumed>) = 0x7f300ac28000 [pid 8593] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] close(3 [pid 8596] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] <... close resumed>) = 0 [pid 8596] <... mprotect resumed>) = 0 [pid 5833] rmdir("./239" [pid 8596] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... rmdir resumed>) = 0 [pid 8593] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8596] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8593] <... futex resumed>) = 1 [pid 8590] <... futex resumed>) = 0 [pid 5833] mkdir("./240", 0777 [pid 8596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8593] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8590] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... mkdir resumed>) = 0 [pid 8590] <... futex resumed>) = 0 ./strace-static-x86_64: Process 8597 attached [pid 8590] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8596] <... clone3 resumed> => {parent_tid=[8597]}, 88) = 8597 [pid 8593] <... openat resumed>) = 4 [pid 5833] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = 0 [pid 8596] rt_sigprocmask(SIG_SETMASK, [], [pid 8593] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5831] umount2("./241/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8597] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8593] <... futex resumed>) = 1 [pid 8590] <... futex resumed>) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8590] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] newfstatat(AT_FDCWD, "./241/file1", [pid 8590] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8597] <... rseq resumed>) = 0 [pid 8596] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8597] set_robust_list(0x7f300ac489a0, 24 [ 216.988571][ T8593] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 217.020033][ T8594] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8596] <... futex resumed>) = 0 [pid 8594] <... mount resumed>) = 0 [pid 8593] mkdir("./file2", 0777 [pid 5833] <... close resumed>) = 0 [pid 5831] umount2("./241/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8597] <... set_robust_list resumed>) = 0 [pid 8596] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8597] memfd_create("syzkaller", 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8598 [pid 8597] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 8598 attached [pid 8597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8594] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "./241/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8597] <... mmap resumed>) = 0x7f3002800000 [pid 8597] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8598] set_robust_list(0x55556b85b6a0, 24 [pid 8594] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 4 [pid 8598] <... set_robust_list resumed>) = 0 [pid 8598] chdir("./240") = 0 [pid 8598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8597] <... write resumed>) = 131072 [pid 8598] setpgid(0, 0) = 0 [pid 8598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8597] munmap(0x7f3002800000, 138412032 [pid 8598] write(3, "1000", 4 [pid 8597] <... munmap resumed>) = 0 [pid 8594] chdir("./file1" [pid 5831] newfstatat(4, "", [pid 8598] <... write resumed>) = 4 [pid 8597] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8598] close(3 [pid 8597] <... openat resumed>) = 4 [pid 8594] <... chdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8598] <... close resumed>) = 0 [pid 8597] ioctl(4, LOOP_SET_FD, 3 [pid 8598] symlink("/dev/binderfs", "./binderfs" [pid 8594] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8590] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] getdents64(4, executing program [pid 8598] <... symlink resumed>) = 0 [pid 8594] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8590] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8590] <... futex resumed>) = 0 [pid 5831] getdents64(4, [pid 8590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8598] write(1, "executing program\n", 18 [pid 8590] <... mmap resumed>) = 0x7f300ac07000 [pid 5831] close(4 [pid 8590] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5831] <... close resumed>) = 0 [pid 8598] <... write resumed>) = 18 [pid 8590] <... mprotect resumed>) = 0 [pid 5831] rmdir("./241/file1" [pid 8598] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8598] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8598] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... rmdir resumed>) = 0 [pid 8598] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8590] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] umount2("./241/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8594] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8590] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8598] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5831] newfstatat(AT_FDCWD, "./241/binderfs", [pid 8594] <... futex resumed>) = 1 [pid 8598] <... mprotect resumed>) = 0 [pid 8592] <... futex resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8599 attached [pid 8598] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8594] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8592] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] unlink("./241/binderfs" [pid 8599] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8598] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8592] <... futex resumed>) = 0 [pid 8590] <... clone3 resumed> => {parent_tid=[8599]}, 88) = 8599 [pid 8598] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8592] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8600 attached [pid 8599] <... rseq resumed>) = 0 [pid 8590] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... unlink resumed>) = 0 [pid 8599] set_robust_list(0x7f300ac279a0, 24 [pid 8598] <... clone3 resumed> => {parent_tid=[8600]}, 88) = 8600 [pid 8594] <... openat resumed>) = 4 [pid 8599] <... set_robust_list resumed>) = 0 [pid 8598] rt_sigprocmask(SIG_SETMASK, [], [pid 8590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] getdents64(3, [pid 8599] rt_sigprocmask(SIG_SETMASK, [], [pid 8598] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8590] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8600] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8598] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8594] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8590] <... futex resumed>) = 0 [pid 5831] close(3 [pid 8600] <... rseq resumed>) = 0 [pid 8599] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8598] <... futex resumed>) = 0 [pid 8594] <... futex resumed>) = 1 [pid 8597] <... ioctl resumed>) = 0 [pid 8592] <... futex resumed>) = 0 [pid 8590] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... close resumed>) = 0 [pid 8600] set_robust_list(0x7f300ac489a0, 24 [pid 8599] <... ioctl resumed>) = 0 [ 217.059715][ T8593] exFAT-fs (loop4): error, data size is invalid(9000) [ 217.086662][ T8593] exFAT-fs (loop4): Filesystem has been set read-only [ 217.096563][ T8597] loop2: detected capacity change from 0 to 256 [pid 8598] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8594] mkdir("./file2", 0777 [pid 8592] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8600] <... set_robust_list resumed>) = 0 [pid 8599] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8597] close(3 [pid 8593] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8592] <... futex resumed>) = 0 [pid 5831] rmdir("./241" [pid 8600] rt_sigprocmask(SIG_SETMASK, [], [pid 8597] <... close resumed>) = 0 [pid 8592] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8597] close(4 [pid 8600] memfd_create("syzkaller", 0 [pid 8597] <... close resumed>) = 0 [pid 8597] mkdir("./file1", 0777) = 0 [pid 8600] <... memfd_create resumed>) = 3 [pid 8600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8600] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8597] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8600] <... write resumed>) = 131072 [pid 8599] <... futex resumed>) = 1 [pid 8593] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] <... rmdir resumed>) = 0 [pid 8590] <... futex resumed>) = 0 [pid 5831] mkdir("./242", 0777 [pid 8599] +++ killed by SIGSEGV +++ [pid 5831] <... mkdir resumed>) = 0 [pid 8600] munmap(0x7f3002800000, 138412032) = 0 [pid 8593] +++ killed by SIGSEGV +++ [pid 8590] +++ killed by SIGSEGV +++ [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8600] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8590, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 8600] <... openat resumed>) = 4 [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 8600] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3 [pid 5834] <... restart_syscall resumed>) = 0 [pid 5834] umount2("./238", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5834] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] umount2("./238/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5834] umount2("./238/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./238/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./238/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./238/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5834] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4) = 0 [ 217.128900][ T8594] exFAT-fs (loop0): error, data size is invalid(9000) [ 217.160860][ T8600] loop3: detected capacity change from 0 to 256 [pid 5834] rmdir("./238/file1" [pid 5831] <... close resumed>) = 0 [pid 8594] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8592] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8592] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8592] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8592] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... rmdir resumed>) = 0 [pid 8592] <... mprotect resumed>) = 0 [pid 8592] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8592] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5834] umount2("./238/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./238/binderfs", ./strace-static-x86_64: Process 8601 attached {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8602 attached [pid 8592] <... clone3 resumed> => {parent_tid=[8602]}, 88) = 8602 [pid 5834] unlink("./238/binderfs" [pid 8602] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053) = 0 [pid 8601] set_robust_list(0x55556b85b6a0, 24 [pid 8592] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... unlink resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8601 [pid 8602] set_robust_list(0x7f300ac279a0, 24 [pid 8601] <... set_robust_list resumed>) = 0 [pid 8592] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] getdents64(3, [pid 8602] <... set_robust_list resumed>) = 0 [pid 8601] chdir("./242" [pid 8592] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8601] <... chdir resumed>) = 0 [pid 8592] <... futex resumed>) = 0 [pid 5834] close(3 [pid 8602] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8592] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... close resumed>) = 0 [pid 5834] rmdir("./238" [pid 8601] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] <... rmdir resumed>) = 0 [pid 8601] <... prctl resumed>) = 0 [pid 8600] <... ioctl resumed>) = 0 [pid 5834] mkdir("./239", 0777 [pid 8602] <... ioctl resumed>) = 0 [pid 8601] setpgid(0, 0 [pid 8600] close(3 [pid 5834] <... mkdir resumed>) = 0 [pid 8602] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8601] <... setpgid resumed>) = 0 [pid 8600] <... close resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8602] <... futex resumed>) = 1 [pid 8601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8600] close(4 [pid 8592] <... futex resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 8602] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8594] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8601] <... openat resumed>) = 3 [pid 8601] write(3, "1000", 4 [pid 8600] <... close resumed>) = 0 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8601] <... write resumed>) = 4 [pid 8600] mkdir("./file1", 0777 [pid 5834] <... ioctl resumed>) = 0 [pid 8602] <... futex resumed>) = ? [pid 8601] close(3 [pid 8600] <... mkdir resumed>) = 0 [pid 5834] close(3 [pid 8602] +++ killed by SIGSEGV +++ [pid 8601] <... close resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 8600] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 8601] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8601] write(1, "executing program\n", 18 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8603 [pid 8601] <... write resumed>) = 18 [pid 8601] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8601] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8601] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8601] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8601] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8604]}, 88) = 8604 [pid 8601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8601] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8601] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8604 attached [pid 8604] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8604] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8604] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8603 attached NULL, 8) = 0 [pid 8604] memfd_create("syzkaller", 0) = 3 [pid 8603] set_robust_list(0x55556b85b6a0, 24 [pid 8604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8594] +++ killed by SIGSEGV +++ [pid 8592] +++ killed by SIGSEGV +++ [pid 8604] <... mmap resumed>) = 0x7f3002800000 [pid 8603] <... set_robust_list resumed>) = 0 [ 217.178768][ T8594] exFAT-fs (loop0): Filesystem has been set read-only [ 217.200777][ T8597] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8604] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8603] chdir("./239" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8592, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8603] <... chdir resumed>) = 0 [pid 8603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8597] <... mount resumed>) = 0 [pid 8603] setpgid(0, 0 [pid 8604] <... write resumed>) = 131072 [pid 8603] <... setpgid resumed>) = 0 [pid 8597] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... restart_syscall resumed>) = 0 [pid 8597] <... openat resumed>) = 3 [pid 8597] chdir("./file1") = 0 [pid 8597] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8597] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8597] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8596] <... futex resumed>) = 0 [pid 8596] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8597] <... futex resumed>) = 0 [pid 8597] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8596] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8604] munmap(0x7f3002800000, 138412032) = 0 [pid 8604] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8604] ioctl(4, LOOP_SET_FD, 3 [pid 8603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] umount2("./239", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8597] <... openat resumed>) = 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8597] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8603] <... openat resumed>) = 3 [pid 8597] <... futex resumed>) = 1 [pid 8596] <... futex resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8597] mkdir("./file2", 0777 [pid 8596] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8596] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8604] <... ioctl resumed>) = 0 [pid 8604] close(3) = 0 [pid 8604] close(4) = 0 [pid 8604] mkdir("./file1", 0777) = 0 [pid 8603] write(3, "1000", 4 [pid 5830] newfstatat(3, "", [pid 8603] <... write resumed>) = 4 [pid 8603] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8604] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8603] <... close resumed>) = 0 [pid 5830] getdents64(3, [pid 8603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./239/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8603] write(1, "executing program\n", 18executing program ) = 18 [pid 8603] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 8603] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5830] umount2("./239/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8603] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8603] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5830] newfstatat(AT_FDCWD, "./239/file1", [pid 8603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8603] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] umount2("./239/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8603] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8603] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5830] openat(AT_FDCWD, "./239/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 8605 attached [pid 5830] newfstatat(4, "", [pid 8605] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8603] <... clone3 resumed> => {parent_tid=[8605]}, 88) = 8605 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8605] <... rseq resumed>) = 0 [pid 8603] rt_sigprocmask(SIG_SETMASK, [], [pid 8605] set_robust_list(0x7f300ac489a0, 24 [pid 8603] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] getdents64(4, [pid 8605] <... set_robust_list resumed>) = 0 [pid 8603] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8605] rt_sigprocmask(SIG_SETMASK, [], [pid 8603] <... futex resumed>) = 0 [ 217.264081][ T8604] loop1: detected capacity change from 0 to 256 [ 217.272852][ T8597] exFAT-fs (loop2): error, data size is invalid(9000) [ 217.274585][ T8600] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 217.288439][ T8597] exFAT-fs (loop2): Filesystem has been set read-only [pid 8600] <... mount resumed>) = 0 [pid 8597] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8603] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8596] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5830] getdents64(4, [pid 8605] memfd_create("syzkaller", 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] close(4 [pid 8605] <... memfd_create resumed>) = 3 [pid 8600] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8597] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8596] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... close resumed>) = 0 [pid 8605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8600] <... openat resumed>) = 3 [pid 5830] rmdir("./239/file1" [pid 8605] <... mmap resumed>) = 0x7f3002800000 [pid 5830] <... rmdir resumed>) = 0 [pid 8596] <... futex resumed>) = ? [pid 8605] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8600] chdir("./file1" [pid 8597] +++ killed by SIGSEGV +++ [pid 8596] +++ killed by SIGSEGV +++ [pid 5830] umount2("./239/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8596, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./239/binderfs", [pid 8600] <... chdir resumed>) = 0 [pid 8605] <... write resumed>) = 131072 [pid 8600] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8600] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] umount2("./234", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8605] munmap(0x7f3002800000, 138412032 [pid 5830] unlink("./239/binderfs" [pid 8600] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8605] <... munmap resumed>) = 0 [pid 8600] <... futex resumed>) = 1 [pid 8598] <... futex resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... unlink resumed>) = 0 [pid 8605] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8604] <... mount resumed>) = 0 [pid 8600] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8598] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... openat resumed>) = 3 [pid 5830] getdents64(3, [pid 8605] <... openat resumed>) = 4 [pid 8604] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8598] <... futex resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 8605] ioctl(4, LOOP_SET_FD, 3 [pid 8604] <... openat resumed>) = 3 [pid 8600] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8598] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [ 217.324604][ T8604] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8604] chdir("./file1" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8604] <... chdir resumed>) = 0 [pid 8604] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8604] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8601] <... futex resumed>) = 0 [pid 8604] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8601] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] getdents64(3, [pid 5830] close(3 [pid 8601] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8600] <... openat resumed>) = 4 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8605] <... ioctl resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8605] close(3 [pid 8604] <... openat resumed>) = 4 [pid 8600] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./234/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./239" [pid 8605] <... close resumed>) = 0 [pid 8600] <... futex resumed>) = 1 [pid 8598] <... futex resumed>) = 0 [pid 8605] close(4 [pid 8604] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8600] mkdir("./file2", 0777 [pid 8598] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... rmdir resumed>) = 0 [pid 8604] <... futex resumed>) = 1 [pid 8601] <... futex resumed>) = 0 [pid 8601] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8604] mkdir("./file2", 0777 [pid 8601] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8605] <... close resumed>) = 0 [pid 8598] <... futex resumed>) = 0 [pid 5830] mkdir("./240", 0777 [pid 8605] mkdir("./file1", 0777 [pid 8598] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5832] umount2("./234/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8605] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] newfstatat(AT_FDCWD, "./234/file1", [pid 5830] <... openat resumed>) = 3 [pid 8605] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5832] umount2("./234/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] <... ioctl resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./234/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] close(3 [pid 8601] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] <... openat resumed>) = 4 [pid 8601] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] newfstatat(4, "", [pid 8601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... close resumed>) = 0 [pid 8601] <... mmap resumed>) = 0x7f300ac07000 [pid 5832] getdents64(4, [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8601] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [ 217.381271][ T8605] loop4: detected capacity change from 0 to 256 [ 217.401059][ T8600] exFAT-fs (loop3): error, data size is invalid(9000) [ 217.402294][ T8604] exFAT-fs (loop1): error, data size is invalid(9000) [ 217.407864][ T8600] exFAT-fs (loop3): Filesystem has been set read-only ./strace-static-x86_64: Process 8606 attached [pid 8601] <... mprotect resumed>) = 0 [pid 5832] getdents64(4, [pid 8601] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8606 [pid 8601] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] close(4 [pid 8601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./234/file1" [pid 8601] <... clone3 resumed> => {parent_tid=[8607]}, 88) = 8607 [pid 5832] <... rmdir resumed>) = 0 [pid 8601] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] umount2("./234/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8607 attached [pid 8601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8601] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] newfstatat(AT_FDCWD, "./234/binderfs", [pid 8607] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8601] <... futex resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8607] <... rseq resumed>) = 0 [pid 8601] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] unlink("./234/binderfs" [pid 8607] set_robust_list(0x7f300ac279a0, 24 [pid 5832] <... unlink resumed>) = 0 [pid 8607] <... set_robust_list resumed>) = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 8607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8607] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5832] rmdir("./234" [pid 8607] <... ioctl resumed>) = 0 [pid 8606] set_robust_list(0x55556b85b6a0, 24 [pid 5832] <... rmdir resumed>) = 0 [pid 8607] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8601] <... futex resumed>) = 0 [pid 8607] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] mkdir("./235", 0777) = 0 [pid 8606] <... set_robust_list resumed>) = 0 [pid 8598] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8600] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8598] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... ioctl resumed>) = 0 [pid 8598] <... futex resumed>) = 0 [pid 8600] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] close(3 [pid 8606] chdir("./240" [pid 8598] <... mmap resumed>) = ? [pid 5832] <... close resumed>) = 0 [pid 8606] <... chdir resumed>) = 0 [pid 8604] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8604] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8607] <... futex resumed>) = ? [pid 8600] +++ killed by SIGSEGV +++ [pid 8598] +++ killed by SIGSEGV +++ [pid 8606] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8607] +++ killed by SIGSEGV +++ [pid 8604] +++ killed by SIGSEGV +++ [pid 8601] +++ killed by SIGSEGV +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8598, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8608 attached [pid 8606] <... prctl resumed>) = 0 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8601, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8608 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8608] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8608] chdir("./235") = 0 [pid 8608] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] <... restart_syscall resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 8608] <... prctl resumed>) = 0 [pid 8608] setpgid(0, 0) = 0 [pid 8608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] umount2("./240", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8608] write(3, "1000", 4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./242", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8608] <... write resumed>) = 4 [pid 5833] openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8608] close(3 [pid 5833] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8608] <... close resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 5831] openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8608] symlink("/dev/binderfs", "./binderfs"executing program [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8608] <... symlink resumed>) = 0 [pid 8606] setpgid(0, 0 [pid 5833] getdents64(3, [pid 5831] newfstatat(3, "", [pid 8608] write(1, "executing program\n", 18 [pid 8606] <... setpgid resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 217.460256][ T8604] exFAT-fs (loop1): Filesystem has been set read-only [ 217.469534][ T8605] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8608] <... write resumed>) = 18 [pid 8606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] umount2("./240/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 8608] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8606] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8608] <... futex resumed>) = 0 [pid 8606] write(3, "1000", 4 [pid 5831] umount2("./242/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8608] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8606] <... write resumed>) = 4 [pid 8605] <... mount resumed>) = 0 [pid 8608] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8606] close(3 [pid 8605] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8608] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8606] <... close resumed>) = 0 [pid 8605] <... openat resumed>) = 3 [pid 8608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8606] symlink("/dev/binderfs", "./binderfs" [pid 8605] chdir("./file1" [pid 5833] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 executing program [pid 8608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8606] <... symlink resumed>) = 0 [pid 8605] <... chdir resumed>) = 0 [pid 5831] umount2("./242/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8606] write(1, "executing program\n", 18 [pid 8605] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8606] <... write resumed>) = 18 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8606] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8605] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] newfstatat(AT_FDCWD, "./242/file1", [pid 8608] <... mmap resumed>) = 0x7f300ac28000 [pid 8606] <... futex resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8606] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8608] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8606] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] umount2("./240/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./242/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8608] <... mprotect resumed>) = 0 [pid 8606] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8605] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8608] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8605] <... futex resumed>) = 1 [pid 8603] <... futex resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8608] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8606] <... mmap resumed>) = 0x7f300ac28000 [pid 8605] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8603] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] openat(AT_FDCWD, "./242/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8606] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8603] <... futex resumed>) = 0 [pid 8608] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8606] <... mprotect resumed>) = 0 [pid 8603] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8609 attached [pid 8606] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] newfstatat(AT_FDCWD, "./240/file1", [pid 5831] newfstatat(4, "", [pid 8606] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8608] <... clone3 resumed> => {parent_tid=[8609]}, 88) = 8609 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8608] rt_sigprocmask(SIG_SETMASK, [], [pid 8606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8605] <... openat resumed>) = 4 [pid 5833] umount2("./240/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(4, ./strace-static-x86_64: Process 8610 attached [pid 8609] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8605] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8610] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8609] <... rseq resumed>) = 0 [pid 8608] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8606] <... clone3 resumed> => {parent_tid=[8610]}, 88) = 8610 [pid 8605] <... futex resumed>) = 1 [pid 8603] <... futex resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./240/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] getdents64(4, [pid 8610] <... rseq resumed>) = 0 [pid 8609] set_robust_list(0x7f300ac489a0, 24 [pid 8608] <... futex resumed>) = 0 [pid 8606] rt_sigprocmask(SIG_SETMASK, [], [pid 8603] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8610] set_robust_list(0x7f300ac489a0, 24 [pid 8606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8605] mkdir("./file2", 0777 [pid 8603] <... futex resumed>) = 0 [pid 8603] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8609] <... set_robust_list resumed>) = 0 [pid 8608] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... openat resumed>) = 4 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8609] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] newfstatat(4, "", [pid 8609] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] close(4 [pid 8609] memfd_create("syzkaller", 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8609] <... memfd_create resumed>) = 3 [pid 5833] getdents64(4, [pid 5831] <... close resumed>) = 0 [pid 8609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8609] <... mmap resumed>) = 0x7f3002800000 [pid 5833] getdents64(4, [pid 5831] rmdir("./242/file1" [pid 8610] <... set_robust_list resumed>) = 0 [pid 8609] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8606] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 8610] rt_sigprocmask(SIG_SETMASK, [], [pid 8606] <... futex resumed>) = 0 [pid 5833] close(4 [pid 8610] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8606] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... close resumed>) = 0 [pid 8610] memfd_create("syzkaller", 0 [pid 5833] rmdir("./240/file1" [pid 5831] umount2("./242/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8610] <... memfd_create resumed>) = 3 [pid 5833] <... rmdir resumed>) = 0 [pid 8609] <... write resumed>) = 131072 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./242/binderfs") = 0 [pid 5833] umount2("./240/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 8610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8610] <... mmap resumed>) = 0x7f3002800000 [pid 8609] munmap(0x7f3002800000, 138412032 [pid 5833] newfstatat(AT_FDCWD, "./240/binderfs", [pid 5831] close(3 [pid 8609] <... munmap resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./240/binderfs" [pid 5831] <... close resumed>) = 0 [pid 8610] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] <... unlink resumed>) = 0 [pid 5831] rmdir("./242" [pid 8610] <... write resumed>) = 131072 [pid 8609] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... rmdir resumed>) = 0 [pid 8610] munmap(0x7f3002800000, 138412032) = 0 [pid 8609] <... openat resumed>) = 4 [pid 5833] getdents64(3, [pid 5831] mkdir("./243", 0777 [pid 8610] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8605] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8610] <... openat resumed>) = 4 [pid 8605] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 8610] ioctl(4, LOOP_SET_FD, 3 [pid 8603] <... futex resumed>) = ? [ 217.555803][ T8605] exFAT-fs (loop4): error, data size is invalid(9000) [ 217.574062][ T8605] exFAT-fs (loop4): Filesystem has been set read-only [pid 5833] close(3 [pid 8609] ioctl(4, LOOP_SET_FD, 3 [pid 5833] <... close resumed>) = 0 [pid 8605] +++ killed by SIGSEGV +++ [pid 8603] +++ killed by SIGSEGV +++ [pid 5833] rmdir("./240" [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8603, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5833] <... rmdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5834] umount2("./239", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] mkdir("./241", 0777 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8611 attached [pid 8610] <... ioctl resumed>) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 8611] set_robust_list(0x55556b85b6a0, 24 [pid 8610] close(3 [pid 8609] <... ioctl resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8611] <... set_robust_list resumed>) = 0 [pid 8610] <... close resumed>) = 0 [pid 8609] close(3 [pid 5834] openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... openat resumed>) = 3 [pid 8611] chdir("./243" [pid 8610] close(4 [pid 8609] <... close resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8611 [pid 8611] <... chdir resumed>) = 0 [pid 8610] <... close resumed>) = 0 [pid 8609] close(4 [pid 8611] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8610] mkdir("./file1", 0777 [pid 8611] <... prctl resumed>) = 0 [pid 8609] <... close resumed>) = 0 [pid 5834] newfstatat(3, "", [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8610] <... mkdir resumed>) = 0 [pid 8611] setpgid(0, 0 [pid 8610] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8609] mkdir("./file1", 0777 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 8611] <... setpgid resumed>) = 0 [pid 8609] <... mkdir resumed>) = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] umount2("./239/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] close(3 [pid 8611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8609] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5833] <... close resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8611] <... openat resumed>) = 3 [pid 5834] <... umount2 resumed>) = 0 [pid 5834] umount2("./239/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 217.596394][ T8609] loop2: detected capacity change from 0 to 256 [ 217.598024][ T8610] loop0: detected capacity change from 0 to 256 [pid 8611] write(3, "1000", 4 [pid 5834] newfstatat(AT_FDCWD, "./239/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./239/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8611] <... write resumed>) = 4 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8611] close(3 [pid 5834] openat(AT_FDCWD, "./239/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8612 attached [pid 8611] <... close resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 8611] symlink("/dev/binderfs", "./binderfs" [pid 5834] newfstatat(4, "", [pid 8612] set_robust_list(0x55556b85b6a0, 24 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8612] <... set_robust_list resumed>) = 0 [pid 5834] getdents64(4, [pid 8612] chdir("./241" [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] getdents64(4, [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8612 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4 [pid 8612] <... chdir resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 8612] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] rmdir("./239/file1" [pid 8612] <... prctl resumed>) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 8612] setpgid(0, 0) = 0 [pid 8612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] umount2("./239/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8612] write(3, "1000", 4 [pid 8611] <... symlink resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8612] <... write resumed>) = 4 [pid 5834] newfstatat(AT_FDCWD, "./239/binderfs", [pid 8612] close(3executing program [pid 8611] write(1, "executing program\n", 18) = 18 [pid 8611] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8611] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8611] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8612] <... close resumed>) = 0 [pid 5834] unlink("./239/binderfs" [pid 8612] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... unlink resumed>) = 0 executing program [pid 8612] <... symlink resumed>) = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8612] write(1, "executing program\n", 18 [pid 5834] close(3 [pid 8612] <... write resumed>) = 18 [pid 8611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... close resumed>) = 0 [pid 8612] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] rmdir("./239") = 0 [pid 8612] <... futex resumed>) = 0 [pid 5834] mkdir("./240", 0777 [pid 8612] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5834] <... mkdir resumed>) = 0 [pid 8612] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8612] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] <... openat resumed>) = 3 [pid 8612] <... mmap resumed>) = 0x7f300ac28000 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8612] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... ioctl resumed>) = 0 [pid 8612] <... mprotect resumed>) = 0 [pid 5834] close(3 [pid 8612] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] <... close resumed>) = 0 [pid 8611] <... mmap resumed>) = 0x7f300ac28000 [pid 8612] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8611] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8613 attached [pid 8612] <... clone3 resumed> => {parent_tid=[8613]}, 88) = 8613 [pid 8611] <... mprotect resumed>) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8614 ./strace-static-x86_64: Process 8614 attached [pid 8613] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8612] rt_sigprocmask(SIG_SETMASK, [], [pid 8611] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8614] set_robust_list(0x55556b85b6a0, 24 [pid 8613] <... rseq resumed>) = 0 [pid 8612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8611] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8614] <... set_robust_list resumed>) = 0 [pid 8613] set_robust_list(0x7f300ac489a0, 24 [pid 8612] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8611] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8615 attached [pid 8614] chdir("./240" [pid 8613] <... set_robust_list resumed>) = 0 [pid 8612] <... futex resumed>) = 0 [pid 8610] <... mount resumed>) = 0 [pid 8613] rt_sigprocmask(SIG_SETMASK, [], [pid 8612] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8614] <... chdir resumed>) = 0 [pid 8613] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8611] <... clone3 resumed> => {parent_tid=[8615]}, 88) = 8615 [pid 8610] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8614] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8613] memfd_create("syzkaller", 0 [pid 8611] rt_sigprocmask(SIG_SETMASK, [], [pid 8610] <... openat resumed>) = 3 [pid 8615] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8614] <... prctl resumed>) = 0 [pid 8613] <... memfd_create resumed>) = 3 [ 217.665049][ T8610] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 217.693044][ T8609] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8610] chdir("./file1" [pid 8615] <... rseq resumed>) = 0 [pid 8613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8615] set_robust_list(0x7f300ac489a0, 24 [pid 8614] setpgid(0, 0 [pid 8613] <... mmap resumed>) = 0x7f3002800000 [pid 8611] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8610] <... chdir resumed>) = 0 [pid 8615] <... set_robust_list resumed>) = 0 [pid 8614] <... setpgid resumed>) = 0 [pid 8613] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8611] <... futex resumed>) = 0 [pid 8610] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8615] rt_sigprocmask(SIG_SETMASK, [], [pid 8614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8611] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8610] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8615] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8610] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8615] memfd_create("syzkaller", 0 [pid 8614] <... openat resumed>) = 3 [pid 8610] <... futex resumed>) = 1 [pid 8606] <... futex resumed>) = 0 [pid 8615] <... memfd_create resumed>) = 3 [pid 8610] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8606] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8614] write(3, "1000", 4 [pid 8613] <... write resumed>) = 131072 [pid 8610] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8609] <... mount resumed>) = 0 [pid 8606] <... futex resumed>) = 0 [pid 8614] <... write resumed>) = 4 [pid 8610] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8606] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8614] close(3 [pid 8615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8613] munmap(0x7f3002800000, 138412032 [pid 8615] <... mmap resumed>) = 0x7f3002800000 [pid 8614] <... close resumed>) = 0 [pid 8610] <... openat resumed>) = 4 [pid 8615] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8614] symlink("/dev/binderfs", "./binderfs" [pid 8610] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8614] <... symlink resumed>) = 0 [pid 8613] <... munmap resumed>) = 0 [pid 8610] <... futex resumed>) = 1 [pid 8606] <... futex resumed>) = 0 [pid 8614] write(1, "executing program\n", 18 executing program [pid 8613] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8610] mkdir("./file2", 0777 [pid 8606] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8615] <... write resumed>) = 131072 [pid 8614] <... write resumed>) = 18 [pid 8613] <... openat resumed>) = 4 [pid 8609] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8615] munmap(0x7f3002800000, 138412032 [pid 8613] ioctl(4, LOOP_SET_FD, 3 [pid 8615] <... munmap resumed>) = 0 [pid 8614] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8609] <... openat resumed>) = 3 [pid 8606] <... futex resumed>) = 0 [pid 8614] <... futex resumed>) = 0 [pid 8606] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8609] chdir("./file1" [pid 8614] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8609] <... chdir resumed>) = 0 [pid 8614] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8609] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8615] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8614] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8609] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8615] <... openat resumed>) = 4 [pid 8615] ioctl(4, LOOP_SET_FD, 3 [pid 8614] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8609] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8613] <... ioctl resumed>) = 0 [pid 8609] <... futex resumed>) = 1 [pid 8608] <... futex resumed>) = 0 [pid 8609] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8614] <... mmap resumed>) = 0x7f300ac28000 [pid 8613] close(3 [pid 8608] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8613] <... close resumed>) = 0 [pid 8608] <... futex resumed>) = 1 [pid 8613] close(4 [pid 8608] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8614] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8613] <... close resumed>) = 0 [pid 8609] <... futex resumed>) = 0 [pid 8614] <... mprotect resumed>) = 0 [pid 8609] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8615] <... ioctl resumed>) = 0 [pid 8614] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8609] <... openat resumed>) = 4 [pid 8614] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8615] close(3 [pid 8613] mkdir("./file1", 0777 [pid 8614] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8609] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8606] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8613] <... mkdir resumed>) = 0 [pid 8609] <... futex resumed>) = 1 [pid 8608] <... futex resumed>) = 0 [pid 8606] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8614] <... clone3 resumed> => {parent_tid=[8616]}, 88) = 8616 [pid 8610] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8609] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8608] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8616 attached [pid 8615] <... close resumed>) = 0 [pid 8613] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8608] <... futex resumed>) = 0 [pid 8615] close(4 [pid 8608] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8616] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8615] <... close resumed>) = 0 [pid 8616] <... rseq resumed>) = 0 [pid 8615] mkdir("./file1", 0777 [pid 8616] set_robust_list(0x7f300ac489a0, 24 [pid 8615] <... mkdir resumed>) = 0 [pid 8616] <... set_robust_list resumed>) = 0 [pid 8615] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8616] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8616] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 217.774523][ T8610] exFAT-fs (loop0): error, data size is invalid(9000) [ 217.780154][ T8613] loop3: detected capacity change from 0 to 256 [ 217.798118][ T8615] loop1: detected capacity change from 0 to 256 [ 217.804970][ T8610] exFAT-fs (loop0): Filesystem has been set read-only [pid 8614] rt_sigprocmask(SIG_SETMASK, [], [pid 8610] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8609] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8606] <... futex resumed>) = 0 [pid 8614] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8609] mkdir("./file2", 0777 [pid 8614] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8606] <... mmap resumed>) = ? [pid 8614] <... futex resumed>) = 1 [pid 8616] <... futex resumed>) = 0 [pid 8614] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8616] memfd_create("syzkaller", 0) = 3 [pid 8616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8616] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8610] +++ killed by SIGSEGV +++ [pid 8606] +++ killed by SIGSEGV +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8606, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./240", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8616] <... write resumed>) = 131072 [pid 5830] openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./240/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8616] munmap(0x7f3002800000, 138412032 [pid 8608] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8608] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 8608] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] <... umount2 resumed>) = 0 [pid 8608] <... mmap resumed>) = 0x7f300ac07000 [pid 8608] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8608] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8608] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5830] umount2("./240/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./240/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./240/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./240/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8608] <... clone3 resumed> => {parent_tid=[8617]}, 88) = 8617 [pid 5830] newfstatat(4, "", [pid 8608] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8617 attached [pid 8608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] getdents64(4, [pid 8608] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8608] <... futex resumed>) = 0 [pid 5830] getdents64(4, [pid 8608] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] close(4 [pid 8617] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 5830] <... close resumed>) = 0 [pid 8617] <... rseq resumed>) = 0 [pid 5830] rmdir("./240/file1" [pid 8617] set_robust_list(0x7f300ac279a0, 24 [pid 5830] <... rmdir resumed>) = 0 [pid 8617] <... set_robust_list resumed>) = 0 [pid 5830] umount2("./240/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8617] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8617] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] newfstatat(AT_FDCWD, "./240/binderfs", [pid 8617] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./240/binderfs" [pid 8617] <... ioctl resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 8617] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8608] <... futex resumed>) = 0 [pid 8617] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [ 217.850901][ T8609] exFAT-fs (loop2): error, data size is invalid(9000) [ 217.857720][ T8609] exFAT-fs (loop2): Filesystem has been set read-only [ 217.878265][ T8613] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5830] rmdir("./240" [pid 8609] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5830] <... rmdir resumed>) = 0 [pid 8609] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8617] <... futex resumed>) = ? [pid 8616] <... munmap resumed>) = 0 [pid 8613] <... mount resumed>) = 0 [pid 8613] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8609] +++ killed by SIGSEGV +++ [pid 5830] mkdir("./241", 0777 [pid 8613] chdir("./file1") = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 8613] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 8617] +++ killed by SIGSEGV +++ [pid 8608] +++ killed by SIGSEGV +++ [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8616] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8613] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... ioctl resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8608, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5830] close(3 [pid 8616] <... openat resumed>) = 4 [pid 8613] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... close resumed>) = 0 [pid 8616] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... restart_syscall resumed>) = 0 [ 217.921786][ T8615] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8613] <... futex resumed>) = 1 [pid 5832] umount2("./235", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8618 attached [pid 8616] <... ioctl resumed>) = 0 [pid 8615] <... mount resumed>) = 0 [pid 8613] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8612] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8618 [pid 8618] set_robust_list(0x55556b85b6a0, 24 [pid 8616] close(3 [pid 8615] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8612] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8618] <... set_robust_list resumed>) = 0 [pid 8616] <... close resumed>) = 0 [pid 8615] <... openat resumed>) = 3 [pid 8613] <... futex resumed>) = 0 [pid 8612] <... futex resumed>) = 1 [pid 5832] <... openat resumed>) = 3 [pid 8616] close(4 [pid 8618] chdir("./241" [pid 8616] <... close resumed>) = 0 [pid 8615] chdir("./file1" [pid 8613] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8612] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] newfstatat(3, "", [pid 8616] mkdir("./file1", 0777 [pid 8615] <... chdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 8613] <... openat resumed>) = 4 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8616] <... mkdir resumed>) = 0 [pid 8615] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8613] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./235/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8616] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8615] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8613] <... futex resumed>) = 1 [pid 8612] <... futex resumed>) = 0 [ 217.970466][ T8616] loop4: detected capacity change from 0 to 256 [pid 8618] <... chdir resumed>) = 0 [pid 8615] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8613] mkdir("./file2", 0777 [pid 8612] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8618] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8615] <... futex resumed>) = 1 [pid 8612] <... futex resumed>) = 0 [pid 8611] <... futex resumed>) = 0 [pid 8612] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8611] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8618] <... prctl resumed>) = 0 [pid 8611] <... futex resumed>) = 0 [pid 8618] setpgid(0, 0 [pid 8615] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8611] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8618] <... setpgid resumed>) = 0 [pid 8615] <... openat resumed>) = 4 [pid 8618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8615] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8618] <... openat resumed>) = 3 [pid 8615] <... futex resumed>) = 1 [pid 8611] <... futex resumed>) = 0 [pid 8611] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./235/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8611] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8611] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] newfstatat(AT_FDCWD, "./235/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./235/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./235/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8618] write(3, "1000", 4 [pid 8615] mkdir("./file2", 0777 [pid 5832] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./235/file1") = 0 [pid 5832] umount2("./235/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8613] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 218.018496][ T8613] exFAT-fs (loop3): error, data size is invalid(9000) [ 218.033642][ T8616] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 218.058845][ T8613] exFAT-fs (loop3): Filesystem has been set read-only [pid 5832] newfstatat(AT_FDCWD, "./235/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./235/binderfs") = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./235" [pid 8618] <... write resumed>) = 4 [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./236", 0777) = 0 [pid 8618] close(3 [pid 8612] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8618] <... close resumed>) = 0 [pid 8612] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8618] symlink("/dev/binderfs", "./binderfs" [pid 8612] <... mmap resumed>) = 0x7f300ac07000 [pid 8612] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} => {parent_tid=[8619]}, 88) = 8619 [pid 8612] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8619 attached NULL, 8) = 0 [pid 8612] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8612] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8619] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053) = 0 [pid 8619] set_robust_list(0x7f300ac279a0, 24 [pid 8618] <... symlink resumed>) = 0 [pid 8619] <... set_robust_list resumed>) = 0 [pid 8619] rt_sigprocmask(SIG_SETMASK, [], [pid 8618] write(1, "executing program\n", 18 [pid 8615] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8619] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program [pid 8619] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8618] <... write resumed>) = 18 [pid 8616] <... mount resumed>) = 0 [pid 8615] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8613] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8619] <... ioctl resumed>) = 0 [pid 8618] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8611] <... futex resumed>) = ? [pid 8618] <... futex resumed>) = 0 [pid 8616] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8612] <... futex resumed>) = ? [pid 5832] <... openat resumed>) = 3 [pid 8619] +++ killed by SIGSEGV +++ [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3 [pid 8613] +++ killed by SIGSEGV +++ [pid 8612] +++ killed by SIGSEGV +++ [pid 8618] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8616] <... openat resumed>) = 3 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8612, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 8618] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8616] chdir("./file1" [pid 8615] +++ killed by SIGSEGV +++ [pid 8611] +++ killed by SIGSEGV +++ [pid 5833] umount2("./241", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8618] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8616] <... chdir resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8618] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8616] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8611, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8616] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... openat resumed>) = 3 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8618] <... mmap resumed>) = 0x7f300ac28000 [pid 8616] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(3, "", [pid 8618] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8616] <... futex resumed>) = 1 [pid 8614] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... close resumed>) = 0 [pid 8618] <... mprotect resumed>) = 0 [pid 8616] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8614] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(3, [pid 8618] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8614] <... futex resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8618] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8616] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8614] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [ 218.065831][ T8615] exFAT-fs (loop1): error, data size is invalid(9000) [ 218.079790][ T8615] exFAT-fs (loop1): Filesystem has been set read-only [pid 8618] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8620 attached [pid 8616] <... openat resumed>) = 4 [pid 5833] umount2("./241/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... restart_syscall resumed>) = 0 [pid 8620] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8618] <... clone3 resumed> => {parent_tid=[8620]}, 88) = 8620 [pid 8616] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8620] <... rseq resumed>) = 0 [pid 8618] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8618] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8618] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 8621 attached [pid 8620] set_robust_list(0x7f300ac489a0, 24 [pid 8616] <... futex resumed>) = 1 [pid 8614] <... futex resumed>) = 0 [pid 5833] umount2("./241/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8621] set_robust_list(0x55556b85b6a0, 24 [pid 8620] <... set_robust_list resumed>) = 0 [pid 8616] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8614] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./243", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8621] <... set_robust_list resumed>) = 0 [pid 8620] rt_sigprocmask(SIG_SETMASK, [], [pid 8616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8614] <... futex resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./241/file1", [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8621 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8621] chdir("./236" [pid 8620] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8616] mkdir("./file2", 0777 [pid 8614] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8621] <... chdir resumed>) = 0 [pid 8620] memfd_create("syzkaller", 0 [pid 5831] <... openat resumed>) = 3 [pid 8621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8621] setpgid(0, 0 [pid 5831] newfstatat(3, "", [pid 8620] <... memfd_create resumed>) = 3 [pid 8621] <... setpgid resumed>) = 0 [pid 8620] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] umount2("./241/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8620] <... mmap resumed>) = 0x7f3002800000 [pid 5833] openat(AT_FDCWD, "./241/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] getdents64(3, [pid 8621] <... openat resumed>) = 3 [pid 8620] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] <... openat resumed>) = 4 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] newfstatat(4, "", [pid 5831] umount2("./243/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8620] <... write resumed>) = 131072 [pid 5833] getdents64(4, [pid 8621] write(3, "1000", 4 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8621] <... write resumed>) = 4 [pid 8620] munmap(0x7f3002800000, 138412032 [pid 8616] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] getdents64(4, [pid 5831] <... umount2 resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./241/file1" [pid 8621] close(3 [pid 5833] <... rmdir resumed>) = 0 [pid 8621] <... close resumed>) = 0 [pid 8620] <... munmap resumed>) = 0 [pid 8616] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5833] umount2("./241/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8621] symlink("/dev/binderfs", "./binderfs" [pid 8620] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./243/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8621] <... symlink resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./241/binderfs", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8621] write(1, "executing program\n", 18executing program [pid 8620] <... openat resumed>) = 4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(AT_FDCWD, "./243/file1", [pid 8621] <... write resumed>) = 18 [pid 8620] ioctl(4, LOOP_SET_FD, 3 [pid 5833] unlink("./241/binderfs" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8621] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... unlink resumed>) = 0 [pid 5831] umount2("./243/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./243/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8621] <... futex resumed>) = 0 [pid 8620] <... ioctl resumed>) = 0 [pid 8614] <... futex resumed>) = ? [pid 5833] getdents64(3, [pid 8621] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8620] close(3 [pid 8616] +++ killed by SIGSEGV +++ [pid 8614] +++ killed by SIGSEGV +++ [pid 5831] <... openat resumed>) = 4 [pid 8621] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8620] <... close resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8621] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8620] close(4 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8614, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5831] newfstatat(4, "", [pid 8621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8620] <... close resumed>) = 0 [pid 5834] umount2("./240", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8620] mkdir("./file1", 0777 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... close resumed>) = 0 [pid 5831] getdents64(4, [pid 8621] <... mmap resumed>) = 0x7f300ac28000 [pid 5834] openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] rmdir("./241" [pid 8621] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8620] <... mkdir resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5833] <... rmdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8621] <... mprotect resumed>) = 0 [pid 8620] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5834] newfstatat(3, "", [pid 5831] getdents64(4, [pid 8621] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] mkdir("./242", 0777 [pid 8621] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] getdents64(3, [pid 5833] <... mkdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] close(4 [pid 8621] <... clone3 resumed> => {parent_tid=[8622]}, 88) = 8622 ./strace-static-x86_64: Process 8622 attached [pid 8622] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8621] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... close resumed>) = 0 [pid 8621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] rmdir("./243/file1" [pid 8621] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8622] <... rseq resumed>) = 0 [pid 5834] umount2("./240/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8622] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8621] <... futex resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] <... rmdir resumed>) = 0 [pid 8622] rt_sigprocmask(SIG_SETMASK, [], [pid 8621] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] umount2("./243/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8622] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... openat resumed>) = 3 [pid 8622] memfd_create("syzkaller", 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... ioctl resumed>) = 0 [pid 5833] close(3 [pid 5831] newfstatat(AT_FDCWD, "./243/binderfs", [pid 5833] <... close resumed>) = 0 [pid 8622] <... memfd_create resumed>) = 3 [pid 5834] <... umount2 resumed>) = 0 [pid 8622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 218.138293][ T8616] exFAT-fs (loop4): error, data size is invalid(9000) [ 218.149177][ T8616] exFAT-fs (loop4): Filesystem has been set read-only [ 218.164446][ T8620] loop0: detected capacity change from 0 to 256 [pid 5834] umount2("./240/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8622] <... mmap resumed>) = 0x7f3002800000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8622] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] newfstatat(AT_FDCWD, "./240/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./240/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5834] openat(AT_FDCWD, "./240/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] unlink("./243/binderfs"./strace-static-x86_64: Process 8623 attached [pid 5834] <... openat resumed>) = 4 [pid 5831] <... unlink resumed>) = 0 [pid 5834] newfstatat(4, "", [pid 8623] set_robust_list(0x55556b85b6a0, 24 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8623] <... set_robust_list resumed>) = 0 [pid 8622] <... write resumed>) = 131072 [pid 5834] getdents64(4, [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8623 [pid 8623] chdir("./242" [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8623] <... chdir resumed>) = 0 [pid 5834] close(4) = 0 [pid 8623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5834] rmdir("./240/file1" [pid 8623] setpgid(0, 0) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 8623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8622] munmap(0x7f3002800000, 138412032 [pid 8623] <... openat resumed>) = 3 [pid 5834] umount2("./240/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./240/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./240/binderfs") = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] close(3) = 0 [pid 5831] getdents64(3, [pid 5834] rmdir("./240") = 0 [pid 5834] mkdir("./241", 0777) = 0 [pid 8623] write(3, "1000", 4 [pid 8622] <... munmap resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8623] <... write resumed>) = 4 [pid 5831] close(3 [pid 8623] close(3) = 0 [pid 5831] <... close resumed>) = 0 [pid 8623] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5831] rmdir("./243" [pid 8623] write(1, "executing program\n", 18 [pid 8622] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8623] <... write resumed>) = 18 [pid 8622] <... openat resumed>) = 4 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8623] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8622] ioctl(4, LOOP_SET_FD, 3 [pid 5834] <... openat resumed>) = 3 [pid 5831] <... rmdir resumed>) = 0 [pid 8623] <... futex resumed>) = 0 [pid 8620] <... mount resumed>) = 0 [pid 5831] mkdir("./244", 0777 [pid 8620] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8623] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8620] <... openat resumed>) = 3 [pid 5831] <... mkdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8623] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8620] chdir("./file1" [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8623] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8620] <... chdir resumed>) = 0 [pid 5834] <... ioctl resumed>) = 0 [pid 8623] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8620] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5834] close(3 [pid 8623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8620] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] <... close resumed>) = 0 [pid 8623] <... mmap resumed>) = 0x7f300ac28000 [pid 8620] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8623] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8620] <... futex resumed>) = 1 [pid 8618] <... futex resumed>) = 0 [pid 8623] <... mprotect resumed>) = 0 [pid 8620] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8618] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... openat resumed>) = 3 [pid 8623] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8620] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8618] <... futex resumed>) = 0 [pid 8620] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8623] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8618] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 8624 attached [pid 8623] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8620] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8625 attached [pid 8620] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8624 [pid 5831] <... ioctl resumed>) = 0 [pid 8620] <... futex resumed>) = 1 [pid 8618] <... futex resumed>) = 0 [pid 8624] set_robust_list(0x55556b85b6a0, 24 [pid 8618] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8624] <... set_robust_list resumed>) = 0 [pid 8623] <... clone3 resumed> => {parent_tid=[8625]}, 88) = 8625 [pid 8618] <... futex resumed>) = 0 [pid 8624] chdir("./241" [pid 8623] rt_sigprocmask(SIG_SETMASK, [], [ 218.228214][ T8620] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 218.259467][ T8622] loop2: detected capacity change from 0 to 256 [pid 8620] mkdir("./file2", 0777executing program [pid 8618] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8625] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5831] close(3 [pid 8624] <... chdir resumed>) = 0 [pid 8623] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8623] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8622] <... ioctl resumed>) = 0 [pid 8623] <... futex resumed>) = 0 [pid 8622] close(3 [pid 8623] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8622] <... close resumed>) = 0 [pid 8622] close(4 [pid 8624] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8622] <... close resumed>) = 0 [pid 8624] <... prctl resumed>) = 0 [pid 8622] mkdir("./file1", 0777 [pid 8624] setpgid(0, 0 [pid 8622] <... mkdir resumed>) = 0 [pid 8624] <... setpgid resumed>) = 0 [pid 8622] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8624] write(3, "1000", 4) = 4 [pid 8624] close(3) = 0 [pid 8624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8624] write(1, "executing program\n", 18) = 18 [pid 8624] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8624] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8624] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8624] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8625] <... rseq resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8624] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8624] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8626]}, 88) = 8626 [pid 8624] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8624] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8624] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8626 attached [pid 8626] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8626] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8626] memfd_create("syzkaller", 0) = 3 [pid 8626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8626] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8620] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8625] set_robust_list(0x7f300ac489a0, 24 [pid 8620] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8618] <... futex resumed>) = ? [pid 8625] <... set_robust_list resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8626] <... write resumed>) = 131072 [pid 8625] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8627 attached [pid 8626] munmap(0x7f3002800000, 138412032 [pid 8625] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8620] +++ killed by SIGSEGV +++ [pid 8618] +++ killed by SIGSEGV +++ [pid 8627] set_robust_list(0x55556b85b6a0, 24 [pid 8626] <... munmap resumed>) = 0 [pid 8625] memfd_create("syzkaller", 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8618, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 218.279572][ T8620] exFAT-fs (loop0): error, data size is invalid(9000) [ 218.286674][ T8620] exFAT-fs (loop0): Filesystem has been set read-only [ 218.317314][ T8622] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8626] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8627] <... set_robust_list resumed>) = 0 [pid 8625] <... memfd_create resumed>) = 3 [pid 8626] <... openat resumed>) = 4 [pid 8626] ioctl(4, LOOP_SET_FD, 3 [pid 8627] chdir("./244" [pid 8625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8627 [pid 8627] <... chdir resumed>) = 0 [pid 8625] <... mmap resumed>) = 0x7f3002800000 [pid 8627] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8626] <... ioctl resumed>) = 0 [pid 8627] <... prctl resumed>) = 0 [pid 8625] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8622] <... mount resumed>) = 0 [pid 8622] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8622] chdir("./file1") = 0 [pid 8622] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8622] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8622] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8621] <... futex resumed>) = 0 [pid 8626] close(3 [pid 8621] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] umount2("./241", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8626] <... close resumed>) = 0 [pid 8622] <... futex resumed>) = 0 [pid 8621] <... futex resumed>) = 1 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8627] setpgid(0, 0 [pid 8625] <... write resumed>) = 131072 [pid 8622] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8621] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8627] <... setpgid resumed>) = 0 [pid 8625] munmap(0x7f3002800000, 138412032 [pid 5830] openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8626] close(4 [pid 5830] <... openat resumed>) = 3 [pid 8627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8626] <... close resumed>) = 0 [pid 8626] mkdir("./file1", 0777 [pid 8625] <... munmap resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 8627] <... openat resumed>) = 3 [pid 8626] <... mkdir resumed>) = 0 [pid 8625] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8622] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8625] <... openat resumed>) = 4 [pid 8622] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] getdents64(3, [pid 8622] <... futex resumed>) = 1 [pid 8621] <... futex resumed>) = 0 [pid 8627] write(3, "1000", 4 [pid 8625] ioctl(4, LOOP_SET_FD, 3 [pid 8622] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 218.336328][ T8626] loop4: detected capacity change from 0 to 256 [pid 8621] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8626] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8621] <... futex resumed>) = 0 [pid 8621] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8622] mkdir("./file2", 0777 [pid 8627] <... write resumed>) = 4 [pid 5830] umount2("./241/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8627] close(3 [pid 5830] <... umount2 resumed>) = 0 [pid 8627] <... close resumed>) = 0 [pid 5830] umount2("./241/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8627] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8627] <... symlink resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./241/file1", executing program [pid 8627] write(1, "executing program\n", 18 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8627] <... write resumed>) = 18 [pid 8625] <... ioctl resumed>) = 0 [pid 5830] umount2("./241/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8627] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8625] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8627] <... futex resumed>) = 0 [pid 8625] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./241/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8627] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8625] close(4 [pid 5830] <... openat resumed>) = 4 [pid 8627] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8625] <... close resumed>) = 0 [pid 8627] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] newfstatat(4, "", [pid 8627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8625] mkdir("./file1", 0777 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8627] <... mmap resumed>) = 0x7f300ac28000 [pid 5830] getdents64(4, [pid 8627] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8625] <... mkdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8627] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] getdents64(4, [pid 8627] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] close(4 [pid 8627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8625] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./241/file1") = 0 [pid 5830] umount2("./241/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8628 attached [ 218.377117][ T8625] loop3: detected capacity change from 0 to 256 [ 218.380874][ T8622] exFAT-fs (loop2): error, data size is invalid(9000) [pid 5830] newfstatat(AT_FDCWD, "./241/binderfs", [pid 8628] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8627] <... clone3 resumed> => {parent_tid=[8628]}, 88) = 8628 [pid 8621] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8621] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8628] <... rseq resumed>) = 0 [pid 8627] rt_sigprocmask(SIG_SETMASK, [], [pid 8622] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8621] <... futex resumed>) = 0 [pid 5830] unlink("./241/binderfs" [pid 8621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8621] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} => {parent_tid=[8629]}, 88) = 8629 [pid 8621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8621] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8621] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8629 attached [pid 8629] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053) = 0 [pid 8629] set_robust_list(0x7f300ac279a0, 24) = 0 [pid 8629] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8628] set_robust_list(0x7f300ac489a0, 24 [pid 8627] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 8629] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8622] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8626] <... mount resumed>) = 0 [pid 8626] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8626] chdir("./file1") = 0 [pid 8626] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8629] <... ioctl resumed>) = ? [pid 8628] <... set_robust_list resumed>) = 0 [pid 8627] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8626] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8621] <... futex resumed>) = ? [pid 5830] getdents64(3, [pid 8629] +++ killed by SIGSEGV +++ [pid 8628] rt_sigprocmask(SIG_SETMASK, [], [pid 8627] <... futex resumed>) = 0 [pid 8626] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8628] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8627] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] close(3 [pid 8628] memfd_create("syzkaller", 0 [pid 8626] <... futex resumed>) = 1 [pid 8624] <... futex resumed>) = 0 [pid 8622] +++ killed by SIGSEGV +++ [pid 8621] +++ killed by SIGSEGV +++ [pid 5830] <... close resumed>) = 0 [pid 8624] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8621, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8624] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8628] <... memfd_create resumed>) = 3 [pid 5830] rmdir("./241" [pid 8628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8626] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5830] <... rmdir resumed>) = 0 [pid 8628] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8626] <... openat resumed>) = 4 [pid 5830] mkdir("./242", 0777 [ 218.420382][ T8626] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 218.439958][ T8622] exFAT-fs (loop2): Filesystem has been set read-only [ 218.443094][ T8625] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8626] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... restart_syscall resumed>) = 0 [pid 8628] <... write resumed>) = 131072 [pid 8626] <... futex resumed>) = 1 [pid 8624] <... futex resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 8626] mkdir("./file2", 0777 [pid 8624] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8628] munmap(0x7f3002800000, 138412032 [pid 8625] <... mount resumed>) = 0 [pid 8624] <... futex resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8628] <... munmap resumed>) = 0 [pid 8625] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8624] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] umount2("./236", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 3 [pid 8628] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8625] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8625] chdir("./file1" [pid 5830] <... ioctl resumed>) = 0 [pid 8625] <... chdir resumed>) = 0 [pid 5830] close(3 [pid 5832] openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] <... close resumed>) = 0 [pid 8625] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8628] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8630 attached [pid 8628] ioctl(4, LOOP_SET_FD, 3 [pid 5832] newfstatat(3, "", [pid 8625] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8630 [pid 5832] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./236/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8630] set_robust_list(0x55556b85b6a0, 24 [pid 8625] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = 0 [pid 8630] <... set_robust_list resumed>) = 0 [pid 8625] <... futex resumed>) = 1 [pid 8630] chdir("./242" [pid 8625] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8623] <... futex resumed>) = 0 [pid 5832] umount2("./236/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8630] <... chdir resumed>) = 0 [pid 8623] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8630] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8625] <... futex resumed>) = 0 [pid 8623] <... futex resumed>) = 1 [pid 5832] newfstatat(AT_FDCWD, "./236/file1", [pid 8630] <... prctl resumed>) = 0 [pid 8625] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8623] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8630] setpgid(0, 0) = 0 [pid 5832] umount2("./236/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8628] <... ioctl resumed>) = 0 [pid 8625] <... openat resumed>) = 4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8630] <... openat resumed>) = 3 [pid 8628] close(3 [pid 8625] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] openat(AT_FDCWD, "./236/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8630] write(3, "1000", 4 [pid 8625] <... futex resumed>) = 1 [pid 8623] <... futex resumed>) = 0 [pid 8630] <... write resumed>) = 4 [pid 8628] <... close resumed>) = 0 [pid 8625] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8623] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8630] close(3 [pid 8628] close(4 [pid 8625] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8623] <... futex resumed>) = 0 [pid 8630] <... close resumed>) = 0 [pid 8628] <... close resumed>) = 0 [pid 8630] symlink("/dev/binderfs", "./binderfs" [pid 8625] mkdir("./file2", 0777 [pid 8628] mkdir("./file1", 0777 [pid 8623] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8630] <... symlink resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [ 218.508675][ T8626] exFAT-fs (loop4): error, data size is invalid(9000) [ 218.515587][ T8626] exFAT-fs (loop4): Filesystem has been set read-only [ 218.534761][ T8628] loop1: detected capacity change from 0 to 256 [pid 8628] <... mkdir resumed>) = 0 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] close(4executing program [pid 8630] write(1, "executing program\n", 18 [pid 8628] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5832] <... close resumed>) = 0 [pid 8630] <... write resumed>) = 18 [pid 8624] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] rmdir("./236/file1" [pid 8630] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8624] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... rmdir resumed>) = 0 [pid 8630] <... futex resumed>) = 0 [pid 8624] <... futex resumed>) = 0 [pid 5832] umount2("./236/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8630] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8630] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8624] <... mmap resumed>) = 0x7f300ac07000 [pid 5832] newfstatat(AT_FDCWD, "./236/binderfs", [pid 8630] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8624] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8626] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8624] <... mprotect resumed>) = 0 [pid 5832] unlink("./236/binderfs" [pid 8626] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8624] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... unlink resumed>) = 0 [pid 8624] <... rt_sigprocmask resumed> ) = ? [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 8630] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... close resumed>) = 0 [pid 8630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8625] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] rmdir("./236" [pid 8630] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8625] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8630] <... mprotect resumed>) = 0 [pid 8623] <... futex resumed>) = ? [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./237", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 8626] +++ killed by SIGSEGV +++ [pid 8624] +++ killed by SIGSEGV +++ [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8624, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5832] close(3 [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... close resumed>) = 0 [pid 8630] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8631 attached [pid 8630] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8632 attached [pid 8625] +++ killed by SIGSEGV +++ [pid 8623] +++ killed by SIGSEGV +++ [pid 5834] <... restart_syscall resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8631 [pid 8632] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8630] <... clone3 resumed> => {parent_tid=[8632]}, 88) = 8632 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8623, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 8632] <... rseq resumed>) = 0 [pid 8630] rt_sigprocmask(SIG_SETMASK, [], [pid 8632] set_robust_list(0x7f300ac489a0, 24 [pid 8630] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] umount2("./241", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8632] <... set_robust_list resumed>) = 0 [pid 8630] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] umount2("./242", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8630] <... futex resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8632] rt_sigprocmask(SIG_SETMASK, [], [pid 8631] set_robust_list(0x55556b85b6a0, 24 [pid 8630] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] <... openat resumed>) = 3 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8632] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8631] <... set_robust_list resumed>) = 0 [pid 5834] newfstatat(3, "", [pid 5833] openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8632] memfd_create("syzkaller", 0 [pid 8631] chdir("./237" [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8632] <... memfd_create resumed>) = 3 [pid 8631] <... chdir resumed>) = 0 [pid 5834] getdents64(3, [pid 5833] <... openat resumed>) = 3 [ 218.564741][ T8625] exFAT-fs (loop3): error, data size is invalid(9000) [ 218.588641][ T8625] exFAT-fs (loop3): Filesystem has been set read-only [pid 8631] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] newfstatat(3, "", [pid 8631] <... prctl resumed>) = 0 [pid 8631] setpgid(0, 0 [pid 5834] umount2("./241/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8631] <... setpgid resumed>) = 0 [pid 5833] getdents64(3, [pid 8631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8631] <... openat resumed>) = 3 [pid 5833] umount2("./242/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8631] write(3, "1000", 4) = 4 [pid 8631] close(3) = 0 [pid 8631] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8631] write(1, "executing program\n", 18) = 18 [pid 8631] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8631] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8631] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8631] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8631] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8632] <... mmap resumed>) = 0x7f3002800000 [pid 8632] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] <... umount2 resumed>) = 0 [pid 8631] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] umount2("./241/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8631] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8633 attached [pid 5833] <... umount2 resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] umount2("./242/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./242/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./242/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8632] <... write resumed>) = 131072 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./241/file1", [pid 5833] openat(AT_FDCWD, "./242/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8631] <... clone3 resumed> => {parent_tid=[8633]}, 88) = 8633 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... openat resumed>) = 4 [pid 8633] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8631] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] newfstatat(4, "", [pid 8633] <... rseq resumed>) = 0 [pid 8631] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] umount2("./241/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8633] set_robust_list(0x7f300ac489a0, 24 [pid 8631] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] getdents64(4, [pid 8633] <... set_robust_list resumed>) = 0 [pid 8631] <... futex resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./241/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8633] rt_sigprocmask(SIG_SETMASK, [], [pid 8631] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] <... openat resumed>) = 4 [pid 5833] getdents64(4, [pid 8633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] newfstatat(4, "", [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8633] memfd_create("syzkaller", 0 [pid 8632] munmap(0x7f3002800000, 138412032 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] close(4 [pid 8628] <... mount resumed>) = 0 [pid 8632] <... munmap resumed>) = 0 [pid 8628] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... close resumed>) = 0 [pid 5834] getdents64(4, [pid 5833] rmdir("./242/file1" [pid 8633] <... memfd_create resumed>) = 3 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] <... rmdir resumed>) = 0 [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] close(4 [pid 8633] <... mmap resumed>) = 0x7f3002800000 [pid 5834] <... close resumed>) = 0 [pid 5833] umount2("./242/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8632] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8628] <... openat resumed>) = 3 [pid 8633] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] rmdir("./241/file1" [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] <... rmdir resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 218.625688][ T8628] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5833] unlink("./242/binderfs" [pid 5834] umount2("./241/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... unlink resumed>) = 0 [pid 8633] <... write resumed>) = 131072 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8628] chdir("./file1" [pid 5834] newfstatat(AT_FDCWD, "./241/binderfs", [pid 8632] <... openat resumed>) = 4 [pid 5833] close(3 [pid 8632] ioctl(4, LOOP_SET_FD, 3 [pid 8628] <... chdir resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... close resumed>) = 0 [pid 5834] unlink("./241/binderfs" [pid 5833] rmdir("./242" [pid 5834] <... unlink resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8633] munmap(0x7f3002800000, 138412032 [pid 8628] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] mkdir("./243", 0777 [pid 8633] <... munmap resumed>) = 0 [pid 8628] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] getdents64(3, [pid 5833] <... mkdir resumed>) = 0 [pid 8628] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8627] <... futex resumed>) = 0 [pid 8628] <... futex resumed>) = 1 [pid 8627] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8628] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8627] <... futex resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] close(3) = 0 [pid 8628] <... openat resumed>) = 4 [pid 8627] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] rmdir("./241" [pid 8633] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8628] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... rmdir resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8633] <... openat resumed>) = 4 [pid 8632] <... ioctl resumed>) = 0 [pid 8628] <... futex resumed>) = 1 [pid 8627] <... futex resumed>) = 0 [pid 5834] mkdir("./242", 0777 [pid 8632] close(3 [pid 8628] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8627] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8632] <... close resumed>) = 0 [pid 8628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8627] <... futex resumed>) = 0 [pid 8632] close(4 [pid 8628] mkdir("./file2", 0777 [pid 8633] ioctl(4, LOOP_SET_FD, 3 [pid 5834] <... mkdir resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 8632] <... close resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8632] mkdir("./file1", 0777 [pid 5834] <... openat resumed>) = 3 [pid 5834] ioctl(3, LOOP_CLR_FD) = 0 [pid 8632] <... mkdir resumed>) = 0 [pid 8632] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5833] <... ioctl resumed>) = 0 [pid 5834] close(3 [pid 5833] close(3 [pid 8627] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... close resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8635 attached [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8634 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8635 ./strace-static-x86_64: Process 8634 attached [pid 8635] set_robust_list(0x55556b85b6a0, 24 [pid 8634] set_robust_list(0x55556b85b6a0, 24) = 0 [ 218.690693][ T8632] loop0: detected capacity change from 0 to 256 [ 218.711632][ T8628] exFAT-fs (loop1): error, data size is invalid(9000) [ 218.718450][ T8628] exFAT-fs (loop1): Filesystem has been set read-only [ 218.722615][ T8633] loop2: detected capacity change from 0 to 256 [pid 8635] <... set_robust_list resumed>) = 0 [pid 8634] chdir("./242" [pid 8635] chdir("./243") = 0 [pid 8635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8635] setpgid(0, 0) = 0 [pid 8635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8635] write(3, "1000", 4 [pid 8633] <... ioctl resumed>) = 0 [pid 8635] <... write resumed>) = 4 [pid 8635] close(3) = 0 [pid 8634] <... chdir resumed>) = 0 [pid 8633] close(3 [pid 8635] symlink("/dev/binderfs", "./binderfs" [pid 8633] <... close resumed>) = 0 [pid 8635] <... symlink resumed>) = 0 [pid 8633] close(4) = 0 [pid 8633] mkdir("./file1", 0777) = 0 [pid 8635] write(1, "executing program\n", 18 [pid 8634] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program [pid 8635] <... write resumed>) = 18 [pid 8634] <... prctl resumed>) = 0 [pid 8633] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8635] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8634] setpgid(0, 0 [pid 8628] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8635] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8634] <... setpgid resumed>) = 0 [pid 8628] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8635] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8627] <... futex resumed>) = ? [pid 8635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8628] +++ killed by SIGSEGV +++ [pid 8635] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8635] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8635] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8636 attached [pid 8627] +++ killed by SIGSEGV +++ [pid 8636] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8635] <... clone3 resumed> => {parent_tid=[8636]}, 88) = 8636 [pid 8634] <... openat resumed>) = 3 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8627, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8635] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8636] <... rseq resumed>) = 0 [pid 8635] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8636] set_robust_list(0x7f300ac489a0, 24 [pid 8635] <... futex resumed>) = 0 [pid 8636] <... set_robust_list resumed>) = 0 [pid 8635] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8636] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8636] memfd_create("syzkaller", 0) = 3 [pid 8636] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 5831] umount2("./244", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8636] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8634] write(3, "1000", 4 [pid 8632] <... mount resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8634] <... write resumed>) = 4 [pid 5831] openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8634] close(3 [pid 5831] <... openat resumed>) = 3 [pid 8634] <... close resumed>) = 0 [pid 8634] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8634] write(1, "executing program\n", 18) = 18 [pid 8636] <... write resumed>) = 131072 [ 218.761110][ T8632] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8634] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8636] munmap(0x7f3002800000, 138412032 [pid 8632] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8634] <... futex resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 8634] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8634] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8632] <... openat resumed>) = 3 [pid 8636] <... munmap resumed>) = 0 [pid 8632] chdir("./file1" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8636] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8632] <... chdir resumed>) = 0 [pid 5831] getdents64(3, [pid 8634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8636] <... openat resumed>) = 4 [pid 8632] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8636] ioctl(4, LOOP_SET_FD, 3 [pid 8634] <... mmap resumed>) = 0x7f300ac28000 [pid 8632] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] umount2("./244/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8634] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8632] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8634] <... mprotect resumed>) = 0 [pid 8632] <... futex resumed>) = 1 [pid 8630] <... futex resumed>) = 0 [pid 8634] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8632] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8630] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8634] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8632] <... openat resumed>) = 4 [pid 8630] <... futex resumed>) = 0 [pid 8634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8633] <... mount resumed>) = 0 [pid 8632] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8630] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8637 attached [pid 8636] <... ioctl resumed>) = 0 [pid 8634] <... clone3 resumed> => {parent_tid=[8637]}, 88) = 8637 [pid 8633] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8632] <... futex resumed>) = 0 [pid 8630] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] <... umount2 resumed>) = 0 [pid 8634] rt_sigprocmask(SIG_SETMASK, [], [pid 8633] <... openat resumed>) = 3 [pid 8632] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8630] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8637] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8633] chdir("./file1" [pid 8632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8630] <... futex resumed>) = 0 [pid 5831] umount2("./244/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8637] set_robust_list(0x7f300ac489a0, 24 [pid 8636] close(3 [pid 8633] <... chdir resumed>) = 0 [pid 8632] mkdir("./file2", 0777 [ 218.829816][ T8633] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 218.859217][ T8636] loop3: detected capacity change from 0 to 256 [pid 8630] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8634] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8637] <... set_robust_list resumed>) = 0 [pid 8636] <... close resumed>) = 0 [pid 8633] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8636] close(4 [pid 8633] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] newfstatat(AT_FDCWD, "./244/file1", [pid 8636] <... close resumed>) = 0 [pid 8633] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8637] rt_sigprocmask(SIG_SETMASK, [], [pid 8636] mkdir("./file1", 0777 [pid 8634] <... futex resumed>) = 0 [pid 8633] <... futex resumed>) = 1 [pid 8631] <... futex resumed>) = 0 [pid 8637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8636] <... mkdir resumed>) = 0 [pid 8633] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] umount2("./244/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8636] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8634] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8631] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8637] memfd_create("syzkaller", 0 [pid 8633] <... futex resumed>) = 0 [pid 8631] <... futex resumed>) = 1 [pid 5831] openat(AT_FDCWD, "./244/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8637] <... memfd_create resumed>) = 3 [pid 8633] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8631] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... openat resumed>) = 4 [pid 8637] <... mmap resumed>) = 0x7f3002800000 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 8637] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 8637] <... write resumed>) = 131072 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8637] munmap(0x7f3002800000, 138412032 [pid 8633] <... openat resumed>) = 4 [pid 5831] close(4) = 0 [ 218.894636][ T8632] exFAT-fs (loop0): error, data size is invalid(9000) [ 218.931520][ T8633] exFAT-fs (loop2): error, data size is invalid(9000) [ 218.936413][ T8632] exFAT-fs (loop0): Filesystem has been set read-only [pid 5831] rmdir("./244/file1" [pid 8637] <... munmap resumed>) = 0 [pid 8633] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... rmdir resumed>) = 0 [pid 8633] <... futex resumed>) = 1 [pid 8633] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8631] <... futex resumed>) = 0 [pid 8631] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] umount2("./244/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8633] <... futex resumed>) = 0 [pid 8631] <... futex resumed>) = 1 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8637] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8633] mkdir("./file2", 0777 [pid 8631] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] newfstatat(AT_FDCWD, "./244/binderfs", [pid 8637] <... openat resumed>) = 4 [pid 8632] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8637] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./244/binderfs") = 0 [pid 5831] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./244") = 0 [pid 5831] mkdir("./245", 0777 [pid 8632] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8630] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] <... mkdir resumed>) = 0 [pid 8630] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8637] <... ioctl resumed>) = 0 [pid 8633] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8637] close(3 [pid 8633] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8632] +++ killed by SIGSEGV +++ [pid 8630] +++ killed by SIGSEGV +++ [pid 8637] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8630, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 8637] close(4 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8637] <... close resumed>) = 0 [pid 8633] +++ killed by SIGSEGV +++ [pid 8631] <... futex resumed>) = ? [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8637] mkdir("./file1", 0777 [pid 8631] +++ killed by SIGSEGV +++ [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./242", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./242/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8637] <... mkdir resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8631, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] close(3 [pid 8637] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5830] <... umount2 resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] umount2("./242/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./237", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8638 attached [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./242/file1", [pid 8638] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8638] chdir("./245" [pid 5832] openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8638 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 218.938330][ T8633] exFAT-fs (loop2): Filesystem has been set read-only [ 218.953457][ T8637] loop4: detected capacity change from 0 to 256 [ 218.979060][ T8636] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8638] <... chdir resumed>) = 0 [pid 8636] <... mount resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5830] umount2("./242/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(3, "", [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] openat(AT_FDCWD, "./242/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] getdents64(3, [pid 5830] newfstatat(4, "", [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8638] setpgid(0, 0 [pid 5832] umount2("./237/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(4, [pid 8638] <... setpgid resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./242/file1") = 0 [pid 5830] umount2("./242/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./242/binderfs", [pid 8638] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8638] write(3, "1000", 4 [pid 5830] unlink("./242/binderfs" [pid 8638] <... write resumed>) = 4 [pid 8638] close(3) = 0 [pid 8638] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8636] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... unlink resumed>) = 0 [pid 5830] getdents64(3, [pid 8636] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8636] chdir("./file1" [pid 5830] close(3 [pid 8636] <... chdir resumed>) = 0 [pid 8638] write(1, "executing program\n", 18 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./242" [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8636] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] umount2("./237/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] mkdir("./243", 0777executing program [pid 8638] <... write resumed>) = 18 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... mkdir resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./237/file1", [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8638] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5832] umount2("./237/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8638] <... futex resumed>) = 0 [pid 8638] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8638] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8636] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] openat(AT_FDCWD, "./237/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8638] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8638] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8638] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8636] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] newfstatat(4, "", [pid 5830] <... ioctl resumed>) = 0 [pid 8636] <... futex resumed>) = 1 [pid 8635] <... futex resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] close(3 [pid 8636] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8635] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(4, ./strace-static-x86_64: Process 8639 attached [pid 8638] <... clone3 resumed> => {parent_tid=[8639]}, 88) = 8639 [pid 8636] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8635] <... futex resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8636] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8635] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8638] rt_sigprocmask(SIG_SETMASK, [], [pid 8639] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8638] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8639] <... rseq resumed>) = 0 [pid 8638] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8639] set_robust_list(0x7f300ac489a0, 24 [pid 8638] <... futex resumed>) = 0 [pid 8639] <... set_robust_list resumed>) = 0 [pid 8638] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8639] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8639] memfd_create("syzkaller", 0 [pid 8637] <... mount resumed>) = 0 [pid 8639] <... memfd_create resumed>) = 3 [ 219.043298][ T8637] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8639] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8637] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8639] <... write resumed>) = 131072 [pid 8637] <... openat resumed>) = 3 [pid 8637] chdir("./file1") = 0 [pid 8637] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8637] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8634] <... futex resumed>) = 0 [pid 8634] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8634] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8637] <... futex resumed>) = 1 [pid 8637] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5830] <... close resumed>) = 0 [pid 5832] getdents64(4, [pid 8639] munmap(0x7f3002800000, 138412032 [pid 8636] <... openat resumed>) = 4 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8639] <... munmap resumed>) = 0 [pid 8637] <... openat resumed>) = 4 [pid 8637] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8634] <... futex resumed>) = 0 [pid 8634] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8634] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8637] <... futex resumed>) = 1 [pid 8639] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8637] mkdir("./file2", 0777 [pid 8636] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] close(4 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8640 attached [pid 8639] <... openat resumed>) = 4 [pid 8636] <... futex resumed>) = 1 [pid 5832] <... close resumed>) = 0 [pid 8639] ioctl(4, LOOP_SET_FD, 3 [pid 8640] set_robust_list(0x55556b85b6a0, 24 [pid 8636] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8635] <... futex resumed>) = 0 [pid 5832] rmdir("./237/file1" [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8640 [pid 8640] <... set_robust_list resumed>) = 0 [pid 8635] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8637] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8640] chdir("./243" [pid 8636] <... futex resumed>) = 0 [pid 8635] <... futex resumed>) = 1 [pid 5832] <... rmdir resumed>) = 0 [pid 8640] <... chdir resumed>) = 0 [pid 8636] mkdir("./file2", 0777 [pid 8635] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] umount2("./237/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8637] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8637] +++ killed by SIGSEGV +++ [pid 8634] <... futex resumed>) = ? [pid 8634] +++ killed by SIGSEGV +++ [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8634, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 8640] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8640] <... prctl resumed>) = 0 [pid 5834] <... restart_syscall resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./237/binderfs", [pid 8640] setpgid(0, 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./242", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5834] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] unlink("./237/binderfs" [pid 5834] getdents64(3, [pid 8640] <... setpgid resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] umount2("./242/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... unlink resumed>) = 0 [pid 8640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [ 219.094373][ T8637] exFAT-fs (loop4): error, data size is invalid(9000) [ 219.106548][ T8637] exFAT-fs (loop4): Filesystem has been set read-only [ 219.118193][ T8639] loop1: detected capacity change from 0 to 256 [ 219.126022][ T8636] exFAT-fs (loop3): error, data size is invalid(9000) [pid 5832] close(3 [pid 8639] <... ioctl resumed>) = 0 [pid 8640] <... openat resumed>) = 3 [pid 5834] <... umount2 resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5834] umount2("./242/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./242/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./242/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8640] write(3, "1000", 4 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./237" [pid 8640] <... write resumed>) = 4 [pid 8639] close(3 [pid 5834] openat(AT_FDCWD, "./242/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... rmdir resumed>) = 0 [pid 8640] close(3 [pid 8639] <... close resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 5832] mkdir("./238", 0777 [pid 8639] close(4 [pid 5834] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 8640] <... close resumed>) = 0 [pid 8639] <... close resumed>) = 0 [pid 5834] rmdir("./242/file1" [pid 8640] symlink("/dev/binderfs", "./binderfs" [pid 8639] mkdir("./file1", 0777 [pid 5834] <... rmdir resumed>) = 0 [pid 8640] <... symlink resumed>) = 0 [pid 8639] <... mkdir resumed>) = 0 executing program [pid 8636] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8635] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] umount2("./242/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8640] write(1, "executing program\n", 18) = 18 [pid 8636] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8635] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... openat resumed>) = 3 [pid 8635] <... futex resumed>) = 0 [pid 8640] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8640] <... futex resumed>) = 0 [pid 8635] <... mmap resumed>) = ? [pid 5832] <... ioctl resumed>) = 0 [pid 8636] +++ killed by SIGSEGV +++ [pid 5832] close(3 [pid 8639] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8635] +++ killed by SIGSEGV +++ [pid 5832] <... close resumed>) = 0 [pid 8640] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8635, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5834] newfstatat(AT_FDCWD, "./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5834] unlink("./242/binderfs") = 0 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8641 ./strace-static-x86_64: Process 8641 attached [ 219.149942][ T8636] exFAT-fs (loop3): Filesystem has been set read-only [pid 8641] set_robust_list(0x55556b85b6a0, 24 [pid 8640] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] getdents64(3, [pid 8641] <... set_robust_list resumed>) = 0 [pid 8640] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] umount2("./243", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8640] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8641] chdir("./238" [pid 8640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8640] <... mmap resumed>) = 0x7f300ac28000 [pid 5834] close(3 [pid 5833] <... openat resumed>) = 3 [pid 8641] <... chdir resumed>) = 0 [pid 8640] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... close resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 8641] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8640] <... mprotect resumed>) = 0 [pid 5834] rmdir("./242" [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8641] <... prctl resumed>) = 0 [pid 8641] setpgid(0, 0 [pid 8640] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... rmdir resumed>) = 0 [pid 8641] <... setpgid resumed>) = 0 [pid 5834] mkdir("./243", 0777 [pid 8641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] <... mkdir resumed>) = 0 [pid 5833] getdents64(3, [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5834] ioctl(3, LOOP_CLR_FD) = 0 [pid 5834] close(3) = 0 [pid 8641] <... openat resumed>) = 3 [pid 8640] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8639] <... mount resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8639] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8639] chdir("./file1") = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8642 [pid 8639] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 8642 attached ) = -1 EBUSY (Device or resource busy) [pid 8639] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8642] set_robust_list(0x55556b85b6a0, 24 [pid 8639] <... futex resumed>) = 1 [pid 8638] <... futex resumed>) = 0 [pid 8642] <... set_robust_list resumed>) = 0 [pid 8639] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8638] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8642] chdir("./243" [pid 8639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8642] <... chdir resumed>) = 0 [pid 8639] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8638] <... futex resumed>) = 0 [pid 8642] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8641] write(3, "1000", 4 [pid 8640] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [ 219.208504][ T8639] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8638] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8643 attached [pid 8642] <... prctl resumed>) = 0 [pid 8641] <... write resumed>) = 4 [pid 8639] <... openat resumed>) = 4 [pid 5833] umount2("./243/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8642] setpgid(0, 0 [pid 8639] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8642] <... setpgid resumed>) = 0 [pid 8641] close(3 [pid 8640] <... clone3 resumed> => {parent_tid=[8643]}, 88) = 8643 [pid 8639] <... futex resumed>) = 1 [pid 8638] <... futex resumed>) = 0 [pid 8642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8641] <... close resumed>) = 0 [pid 8640] rt_sigprocmask(SIG_SETMASK, [], [pid 8639] mkdir("./file2", 0777 [pid 8638] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8641] symlink("/dev/binderfs", "./binderfs" [pid 8640] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8638] <... futex resumed>) = 0 [pid 8641] <... symlink resumed>) = 0 [pid 8640] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8638] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 8643] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8641] write(1, "executing program\n", 18 [pid 8640] <... futex resumed>) = 0 [pid 8643] <... rseq resumed>) = 0 [pid 8641] <... write resumed>) = 18 [pid 8640] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8643] set_robust_list(0x7f300ac489a0, 24 [pid 8641] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8643] <... set_robust_list resumed>) = 0 [pid 8641] <... futex resumed>) = 0 [pid 8643] rt_sigprocmask(SIG_SETMASK, [], [pid 8641] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8641] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8643] memfd_create("syzkaller", 0 [pid 8641] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8643] <... memfd_create resumed>) = 3 [pid 8641] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8642] <... openat resumed>) = 3 [pid 8643] <... mmap resumed>) = 0x7f3002800000 [pid 8641] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8642] write(3, "1000", 4 [pid 8641] <... mmap resumed>) = 0x7f300ac28000 [pid 8642] <... write resumed>) = 4 [pid 8641] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8642] close(3 [pid 8641] <... mprotect resumed>) = 0 [pid 8642] <... close resumed>) = 0 [pid 8641] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8642] symlink("/dev/binderfs", "./binderfs" [pid 8643] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8642] <... symlink resumed>) = 0 [pid 8641] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 8643] <... write resumed>) = 131072 [pid 8642] write(1, "executing program\n", 18 [pid 8641] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] umount2("./243/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8643] munmap(0x7f3002800000, 138412032) = 0 [pid 8641] <... clone3 resumed> => {parent_tid=[8644]}, 88) = 8644 [pid 8643] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8641] rt_sigprocmask(SIG_SETMASK, [], [pid 8643] <... openat resumed>) = 4 [pid 8641] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program [pid 8643] ioctl(4, LOOP_SET_FD, 3 [pid 8641] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8644 attached [pid 8642] <... write resumed>) = 18 [pid 8641] <... futex resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8644] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8642] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8639] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] newfstatat(AT_FDCWD, "./243/file1", [pid 8644] <... rseq resumed>) = 0 [pid 8642] <... futex resumed>) = 0 [pid 8639] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8644] set_robust_list(0x7f300ac489a0, 24 [pid 8642] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] umount2("./243/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8644] <... set_robust_list resumed>) = 0 [pid 8642] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8641] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8639] +++ killed by SIGSEGV +++ [pid 8638] <... futex resumed>) = ? [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8644] rt_sigprocmask(SIG_SETMASK, [], [pid 8642] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8638] +++ killed by SIGSEGV +++ [pid 5833] openat(AT_FDCWD, "./243/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8642] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... openat resumed>) = 4 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8638, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8644] memfd_create("syzkaller", 0 [pid 8642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] newfstatat(4, "", [pid 8644] <... memfd_create resumed>) = 3 [pid 8644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8642] <... mmap resumed>) = 0x7f300ac28000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8644] <... mmap resumed>) = 0x7f3002800000 [pid 8642] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8642] <... mprotect resumed>) = 0 [pid 5833] getdents64(4, [pid 8642] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8642] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] close(4 [pid 8644] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5831] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 8645 attached [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./243/file1" [pid 8642] <... clone3 resumed> => {parent_tid=[8645]}, 88) = 8645 [pid 5831] umount2("./245", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8645] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8642] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... rmdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8645] <... rseq resumed>) = 0 [pid 8642] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] umount2("./243/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8645] set_robust_list(0x7f300ac489a0, 24 [pid 8644] <... write resumed>) = 131072 [pid 8642] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8643] <... ioctl resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... openat resumed>) = 3 [pid 8645] <... set_robust_list resumed>) = 0 [pid 8642] <... futex resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./243/binderfs", [pid 5831] newfstatat(3, "", [pid 8645] rt_sigprocmask(SIG_SETMASK, [], [pid 8643] close(3 [pid 8642] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8644] munmap(0x7f3002800000, 138412032 [pid 8643] <... close resumed>) = 0 [pid 5833] unlink("./243/binderfs" [pid 5831] getdents64(3, [pid 8645] memfd_create("syzkaller", 0 [pid 8644] <... munmap resumed>) = 0 [pid 8643] close(4 [pid 5833] <... unlink resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8643] <... close resumed>) = 0 [pid 5833] getdents64(3, [pid 5831] umount2("./245/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8645] <... memfd_create resumed>) = 3 [pid 8643] mkdir("./file1", 0777 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8644] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] close(3 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./245/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] rmdir("./243" [pid 5831] newfstatat(AT_FDCWD, "./245/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./245/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] <... rmdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./245/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] mkdir("./244", 0777 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", [pid 5833] <... mkdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 219.265735][ T8639] exFAT-fs (loop1): error, data size is invalid(9000) [ 219.292320][ T8639] exFAT-fs (loop1): Filesystem has been set read-only [ 219.297606][ T8643] loop0: detected capacity change from 0 to 256 [pid 8644] <... openat resumed>) = 4 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] getdents64(4, [pid 5833] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8644] ioctl(4, LOOP_SET_FD, 3 [pid 8643] <... mkdir resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5831] getdents64(4, [pid 5833] <... ioctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./245/file1") = 0 [pid 5831] umount2("./245/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8645] <... mmap resumed>) = 0x7f3002800000 [pid 8644] <... ioctl resumed>) = 0 [pid 8643] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5833] close(3 [pid 5831] unlink("./245/binderfs" [pid 5833] <... close resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5831] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] rmdir("./245" [pid 8645] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5831] <... rmdir resumed>) = 0 [pid 5831] mkdir("./246", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [ 219.348444][ T8644] loop2: detected capacity change from 0 to 256 [ 219.386995][ T8643] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5831] close(3) = 0 ./strace-static-x86_64: Process 8646 attached [pid 8645] <... write resumed>) = 131072 [pid 8644] close(3 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8646 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8645] munmap(0x7f3002800000, 138412032 [pid 8644] <... close resumed>) = 0 [pid 8646] set_robust_list(0x55556b85b6a0, 24 [pid 8644] close(4./strace-static-x86_64: Process 8647 attached [pid 8647] set_robust_list(0x55556b85b6a0, 24 [pid 8646] <... set_robust_list resumed>) = 0 [pid 8645] <... munmap resumed>) = 0 [pid 8644] <... close resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8647 [pid 8647] <... set_robust_list resumed>) = 0 [pid 8647] chdir("./246" [pid 8646] chdir("./244" [pid 8645] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8644] mkdir("./file1", 0777 [pid 8647] <... chdir resumed>) = 0 [pid 8647] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8646] <... chdir resumed>) = 0 [pid 8644] <... mkdir resumed>) = 0 [pid 8645] <... openat resumed>) = 4 [pid 8647] <... prctl resumed>) = 0 [pid 8646] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8645] ioctl(4, LOOP_SET_FD, 3 [pid 8644] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8647] setpgid(0, 0 [pid 8646] <... prctl resumed>) = 0 [pid 8647] <... setpgid resumed>) = 0 [pid 8647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8647] write(3, "1000", 4) = 4 [pid 8647] close(3 [pid 8646] setpgid(0, 0 [pid 8647] <... close resumed>) = 0 [pid 8647] symlink("/dev/binderfs", "./binderfs" [pid 8646] <... setpgid resumed>) = 0 [pid 8647] <... symlink resumed>) = 0 [pid 8646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program [pid 8647] write(1, "executing program\n", 18 [pid 8646] <... openat resumed>) = 3 [pid 8647] <... write resumed>) = 18 [pid 8647] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8646] write(3, "1000", 4 [pid 8647] <... futex resumed>) = 0 [pid 8647] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8646] <... write resumed>) = 4 [pid 8647] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8646] close(3 [pid 8647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8646] <... close resumed>) = 0 [pid 8647] <... mmap resumed>) = 0x7f300ac28000 [pid 8647] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8646] symlink("/dev/binderfs", "./binderfs" [pid 8647] <... mprotect resumed>) = 0 [pid 8643] <... mount resumed>) = 0 executing program [pid 8647] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8646] <... symlink resumed>) = 0 [pid 8645] <... ioctl resumed>) = 0 [pid 8643] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8646] write(1, "executing program\n", 18 [pid 8645] close(3 [pid 8643] <... openat resumed>) = 3 [pid 8646] <... write resumed>) = 18 [pid 8645] <... close resumed>) = 0 [pid 8646] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8645] close(4 [pid 8643] chdir("./file1" [pid 8646] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8645] <... close resumed>) = 0 [pid 8643] <... chdir resumed>) = 0 [pid 8646] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8645] mkdir("./file1", 0777 [pid 8643] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8646] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8647] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8647] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8646] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8645] <... mkdir resumed>) = 0 [pid 8643] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 8648 attached [pid 8647] <... clone3 resumed> => {parent_tid=[8648]}, 88) = 8648 [pid 8648] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8647] rt_sigprocmask(SIG_SETMASK, [], [pid 8648] <... rseq resumed>) = 0 [pid 8647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8648] set_robust_list(0x7f300ac489a0, 24 [pid 8647] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8648] <... set_robust_list resumed>) = 0 [pid 8647] <... futex resumed>) = 0 [pid 8648] rt_sigprocmask(SIG_SETMASK, [], [pid 8647] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8648] memfd_create("syzkaller", 0) = 3 [pid 8646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8645] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8644] <... mount resumed>) = 0 [pid 8643] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8646] <... mmap resumed>) = 0x7f300ac28000 [pid 8643] <... futex resumed>) = 1 [pid 8646] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8643] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8644] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8646] <... mprotect resumed>) = 0 [pid 8646] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8644] <... openat resumed>) = 3 [pid 8640] <... futex resumed>) = 0 [pid 8644] chdir("./file1" [pid 8646] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8646] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8644] <... chdir resumed>) = 0 [pid 8644] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8640] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8649 attached [pid 8644] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8643] <... futex resumed>) = 0 [pid 8640] <... futex resumed>) = 1 [pid 8649] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8646] <... clone3 resumed> => {parent_tid=[8649]}, 88) = 8649 [pid 8644] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8643] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8640] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8648] <... mmap resumed>) = 0x7f3002800000 [pid 8648] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 8649] <... rseq resumed>) = 0 [pid 8648] munmap(0x7f3002800000, 138412032 [ 219.415928][ T8645] loop4: detected capacity change from 0 to 256 [ 219.443651][ T8644] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8646] rt_sigprocmask(SIG_SETMASK, [], [pid 8644] <... futex resumed>) = 1 [pid 8643] <... openat resumed>) = 4 [pid 8641] <... futex resumed>) = 0 [pid 8649] set_robust_list(0x7f300ac489a0, 24 [pid 8648] <... munmap resumed>) = 0 [pid 8646] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8643] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8644] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8646] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8643] <... futex resumed>) = 1 [pid 8643] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8646] <... futex resumed>) = 0 [pid 8646] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8641] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8640] <... futex resumed>) = 0 [pid 8644] <... futex resumed>) = 0 [pid 8641] <... futex resumed>) = 1 [pid 8640] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8644] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8643] <... futex resumed>) = 0 [pid 8641] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8640] <... futex resumed>) = 1 [pid 8643] mkdir("./file2", 0777 [pid 8640] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8649] <... set_robust_list resumed>) = 0 [pid 8648] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8649] rt_sigprocmask(SIG_SETMASK, [], [pid 8648] <... openat resumed>) = 4 [pid 8649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8648] ioctl(4, LOOP_SET_FD, 3 [pid 8645] <... mount resumed>) = 0 [pid 8644] <... openat resumed>) = 4 [pid 8643] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8649] memfd_create("syzkaller", 0 [pid 8645] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8644] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8643] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8649] <... memfd_create resumed>) = 3 [pid 8645] <... openat resumed>) = 3 [pid 8644] <... futex resumed>) = 1 [pid 8641] <... futex resumed>) = 0 [pid 8640] <... futex resumed>) = ? [pid 8649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8648] <... ioctl resumed>) = 0 [pid 8645] chdir("./file1" [pid 8644] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8641] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8649] <... mmap resumed>) = 0x7f3002800000 [pid 8648] close(3 [pid 8644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8641] <... futex resumed>) = 0 [pid 8648] <... close resumed>) = 0 [pid 8645] <... chdir resumed>) = 0 [pid 8644] mkdir("./file2", 0777 [pid 8643] +++ killed by SIGSEGV +++ [pid 8641] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8640] +++ killed by SIGSEGV +++ [ 219.495808][ T8645] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 219.512905][ T8643] exFAT-fs (loop0): error, data size is invalid(9000) [ 219.520743][ T8643] exFAT-fs (loop0): Filesystem has been set read-only [ 219.525647][ T8648] loop1: detected capacity change from 0 to 256 [pid 8649] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8648] close(4 [pid 8645] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8649] <... write resumed>) = 131072 [pid 8648] <... close resumed>) = 0 [pid 8645] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8648] mkdir("./file1", 0777 [pid 8645] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8648] <... mkdir resumed>) = 0 [pid 8645] <... futex resumed>) = 1 [pid 8645] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8642] <... futex resumed>) = 0 [pid 8642] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8645] <... futex resumed>) = 0 [pid 8642] <... futex resumed>) = 1 [pid 8645] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8642] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8645] <... openat resumed>) = 4 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8640, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8649] munmap(0x7f3002800000, 138412032 [pid 8648] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5830] <... restart_syscall resumed>) = 0 [pid 8649] <... munmap resumed>) = 0 [pid 8645] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] umount2("./243", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8645] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8642] <... futex resumed>) = 0 [pid 8649] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8642] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8649] <... openat resumed>) = 4 [pid 8645] <... futex resumed>) = 0 [pid 8642] <... futex resumed>) = 1 [pid 5830] openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8649] ioctl(4, LOOP_SET_FD, 3 [pid 8645] mkdir("./file2", 0777 [pid 8642] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... openat resumed>) = 3 [pid 8644] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5830] newfstatat(3, "", [pid 8644] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8649] <... ioctl resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8641] <... futex resumed>) = ? [pid 5830] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8649] close(3 [pid 8644] +++ killed by SIGSEGV +++ [pid 8641] +++ killed by SIGSEGV +++ [pid 5830] umount2("./243/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8641, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8649] <... close resumed>) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8649] close(4) = 0 [pid 8649] mkdir("./file1", 0777 [pid 5832] <... restart_syscall resumed>) = 0 [ 219.552934][ T8644] exFAT-fs (loop2): error, data size is invalid(9000) [ 219.569825][ T8644] exFAT-fs (loop2): Filesystem has been set read-only [ 219.571409][ T8649] loop3: detected capacity change from 0 to 256 [ 219.583951][ T8645] exFAT-fs (loop4): error, data size is invalid(9000) [pid 8649] <... mkdir resumed>) = 0 [pid 8649] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5832] umount2("./238", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8648] <... mount resumed>) = 0 [pid 8642] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = 0 [pid 8648] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8642] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8648] <... openat resumed>) = 3 [pid 8642] <... futex resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5830] umount2("./243/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8648] chdir("./file1" [pid 8642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [ 219.606043][ T8648] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 219.631276][ T8645] exFAT-fs (loop4): Filesystem has been set read-only [pid 5832] newfstatat(3, "", [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8648] <... chdir resumed>) = 0 [pid 8645] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8642] <... mmap resumed>) = 0x7f300ac07000 [pid 8642] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8642] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8650 attached => {parent_tid=[8650]}, 88) = 8650 [pid 8650] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8642] rt_sigprocmask(SIG_SETMASK, [], [pid 8650] <... rseq resumed>) = 0 [pid 8642] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8650] set_robust_list(0x7f300ac279a0, 24 [pid 8642] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8650] <... set_robust_list resumed>) = 0 [pid 8642] <... futex resumed>) = 0 [pid 8650] rt_sigprocmask(SIG_SETMASK, [], [pid 8642] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8650] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080) = 0 [pid 5830] newfstatat(AT_FDCWD, "./243/file1", [pid 8650] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8648] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8645] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./243/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./243/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8648] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] newfstatat(4, "", [pid 8648] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8648] <... futex resumed>) = 1 [pid 8647] <... futex resumed>) = 0 [pid 5832] getdents64(3, [pid 5830] getdents64(4, [pid 8650] <... futex resumed>) = ? [pid 8648] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8647] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8642] <... futex resumed>) = ? [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8649] <... mount resumed>) = 0 [pid 8648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8647] <... futex resumed>) = 0 [pid 8645] +++ killed by SIGSEGV +++ [pid 5830] close(4 [pid 8647] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... close resumed>) = 0 [pid 8648] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5832] umount2("./238/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./243/file1" [pid 8650] +++ killed by SIGSEGV +++ [pid 8649] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8642] +++ killed by SIGSEGV +++ [pid 5830] <... rmdir resumed>) = 0 [pid 8649] <... openat resumed>) = 3 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8642, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5830] umount2("./243/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8649] chdir("./file1" [pid 8648] <... openat resumed>) = 4 [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8649] <... chdir resumed>) = 0 [pid 8648] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... restart_syscall resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./243/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8649] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8648] <... futex resumed>) = 1 [pid 8647] <... futex resumed>) = 0 [pid 5830] unlink("./243/binderfs" [pid 8649] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8648] mkdir("./file2", 0777 [pid 8647] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] umount2("./243", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 8649] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(3, [pid 5834] openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5830] close(3 [pid 5834] newfstatat(3, "", [pid 5830] <... close resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] rmdir("./243" [pid 5834] getdents64(3, [pid 5830] <... rmdir resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] mkdir("./244", 0777 [pid 5834] umount2("./243/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8649] <... futex resumed>) = 1 [pid 8647] <... futex resumed>) = 0 [pid 8646] <... futex resumed>) = 0 [pid 5832] umount2("./238/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 3 [pid 8649] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8647] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8646] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... umount2 resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8646] <... futex resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8646] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... ioctl resumed>) = 0 [ 219.661234][ T8649] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 219.689968][ T8648] exFAT-fs (loop1): error, data size is invalid(9000) [pid 5834] umount2("./243/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(3 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... close resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./243/file1", [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8651 attached [pid 8649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] newfstatat(AT_FDCWD, "./238/file1", [pid 8651] set_robust_list(0x55556b85b6a0, 24 [pid 5834] umount2("./243/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8651 [pid 8651] <... set_robust_list resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8651] chdir("./244" [pid 5834] openat(AT_FDCWD, "./243/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8649] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8651] <... chdir resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8651] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] newfstatat(4, "", [pid 8651] <... prctl resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8651] setpgid(0, 0 [pid 5834] getdents64(4, [pid 8651] <... setpgid resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] getdents64(4, [pid 8651] <... openat resumed>) = 3 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4) = 0 [pid 8651] write(3, "1000", 4 [pid 5834] rmdir("./243/file1" [pid 8651] <... write resumed>) = 4 [pid 5834] <... rmdir resumed>) = 0 [pid 8651] close(3) = 0 [pid 5834] umount2("./243/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8651] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 8651] <... symlink resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./243/binderfs", [pid 8651] write(1, "executing program\n", 18 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8651] <... write resumed>) = 18 [pid 8649] <... openat resumed>) = 4 [pid 8648] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] unlink("./243/binderfs" [pid 5832] umount2("./238/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8651] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8649] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8648] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] <... unlink resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8651] <... futex resumed>) = 0 [pid 8649] <... futex resumed>) = 1 [pid 8647] <... futex resumed>) = ? [pid 8646] <... futex resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./238/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 219.708714][ T8648] exFAT-fs (loop1): Filesystem has been set read-only [pid 8651] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8649] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8648] +++ killed by SIGSEGV +++ [pid 5834] getdents64(3, [pid 8651] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8647] +++ killed by SIGSEGV +++ [pid 8646] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... openat resumed>) = 4 [pid 8649] mkdir("./file2", 0777 [pid 8646] <... futex resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 8646] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8651] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8647, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5832] getdents64(4, [pid 8651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8651] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] getdents64(4, [pid 5831] umount2("./246", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8651] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8651] <... mprotect resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8651] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] getdents64(3, [pid 8651] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8651] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] close(3 [pid 5831] umount2("./246/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... close resumed>) = 0 [pid 8651] <... clone3 resumed> => {parent_tid=[8652]}, 88) = 8652 [pid 5834] rmdir("./243" [pid 8651] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... rmdir resumed>) = 0 [pid 8651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8651] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] mkdir("./244", 0777./strace-static-x86_64: Process 8652 attached [pid 8651] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] <... mkdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8652] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5832] close(4 [pid 5831] <... umount2 resumed>) = 0 [pid 8652] <... rseq resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] umount2("./246/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8652] set_robust_list(0x7f300ac489a0, 24 [pid 5834] <... openat resumed>) = 3 [pid 5832] rmdir("./238/file1" [pid 5831] newfstatat(AT_FDCWD, "./246/file1", [pid 8652] <... set_robust_list resumed>) = 0 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8652] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... ioctl resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] umount2("./246/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8652] memfd_create("syzkaller", 0 [pid 5834] <... close resumed>) = 0 [pid 5832] umount2("./238/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./246/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", ./strace-static-x86_64: Process 8653 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./246/file1") = 0 [pid 8653] set_robust_list(0x55556b85b6a0, 24 [pid 5831] umount2("./246/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8653] <... set_robust_list resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8653] chdir("./244" [pid 8652] <... memfd_create resumed>) = 3 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8653 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./246/binderfs", [pid 8653] <... chdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8653] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] unlink("./246/binderfs") = 0 [pid 8653] <... prctl resumed>) = 0 [pid 5831] getdents64(3, [pid 8653] setpgid(0, 0 [pid 8652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] newfstatat(AT_FDCWD, "./238/binderfs", [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8653] <... setpgid resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] close(3 [pid 8652] <... mmap resumed>) = 0x7f3002800000 [pid 5832] unlink("./238/binderfs" [pid 8653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./246" [pid 8652] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5832] getdents64(3, [pid 5831] <... rmdir resumed>) = 0 [pid 8653] <... openat resumed>) = 3 [pid 5831] mkdir("./247", 0777) = 0 [pid 8653] write(3, "1000", 4) = 4 [pid 8653] close(3) = 0 [pid 8653] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 8653] write(1, "executing program\n", 18 [pid 8652] <... write resumed>) = 131072 [pid 8646] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8652] munmap(0x7f3002800000, 138412032 [pid 8649] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8646] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 5832] close(3 [pid 8653] <... write resumed>) = 18 [pid 8652] <... munmap resumed>) = 0 [pid 8649] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8646] <... futex resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8653] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] rmdir("./238" [pid 5831] <... ioctl resumed>) = 0 [pid 8653] <... futex resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] close(3 [pid 5832] mkdir("./239", 0777 [pid 8652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8653] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8652] ioctl(4, LOOP_SET_FD, 3 [pid 8653] <... rt_sigaction resumed>NULL, 8) = 0 [ 219.740591][ T8649] exFAT-fs (loop3): error, data size is invalid(9000) [ 219.780364][ T8649] exFAT-fs (loop3): Filesystem has been set read-only [pid 8653] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5831] <... close resumed>) = 0 [pid 8653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8653] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8653] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8653] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8649] +++ killed by SIGSEGV +++ [pid 8646] +++ killed by SIGSEGV +++ [pid 5832] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8654 attached [pid 8652] <... ioctl resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8646, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8654] set_robust_list(0x55556b85b6a0, 24 [pid 8652] close(3 [pid 5832] <... openat resumed>) = 3 [pid 8652] <... close resumed>) = 0 [pid 5833] umount2("./244", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8654] <... set_robust_list resumed>) = 0 [pid 8653] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8652] close(4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 8655 attached [pid 8654] chdir("./247" [pid 8652] <... close resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] close(3 [pid 8654] <... chdir resumed>) = 0 [pid 8653] <... clone3 resumed> => {parent_tid=[8655]}, 88) = 8655 [pid 8652] mkdir("./file1", 0777 [pid 5833] <... openat resumed>) = 3 [pid 8655] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8653] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... close resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8654 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8653] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] getdents64(3, [pid 8655] <... rseq resumed>) = 0 [pid 8653] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8655] set_robust_list(0x7f300ac489a0, 24 [pid 8653] <... futex resumed>) = 0 [pid 5833] umount2("./244/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8655] <... set_robust_list resumed>) = 0 [pid 8653] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8655] memfd_create("syzkaller", 0) = 3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8654] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 8656 attached [pid 8655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8654] <... prctl resumed>) = 0 [pid 8652] <... mkdir resumed>) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8656 [pid 8654] setpgid(0, 0 [pid 8655] <... mmap resumed>) = 0x7f3002800000 [pid 8654] <... setpgid resumed>) = 0 [pid 8656] set_robust_list(0x55556b85b6a0, 24 [pid 8654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8652] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8656] <... set_robust_list resumed>) = 0 [pid 8656] chdir("./239" [pid 8654] <... openat resumed>) = 3 [pid 8654] write(3, "1000", 4) = 4 [pid 8656] <... chdir resumed>) = 0 [pid 8655] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8654] close(3 [pid 5833] umount2("./244/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8654] <... close resumed>) = 0 [pid 8656] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8655] <... write resumed>) = 131072 [pid 8654] symlink("/dev/binderfs", "./binderfs" [pid 8656] <... prctl resumed>) = 0 [pid 8654] <... symlink resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8656] setpgid(0, 0 [ 219.808078][ T8652] loop0: detected capacity change from 0 to 256 [pid 5833] newfstatat(AT_FDCWD, "./244/file1", executing program [pid 8656] <... setpgid resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8655] munmap(0x7f3002800000, 138412032 [pid 5833] umount2("./244/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8655] <... munmap resumed>) = 0 [pid 8654] write(1, "executing program\n", 18 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8654] <... write resumed>) = 18 [pid 8654] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] openat(AT_FDCWD, "./244/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8656] <... openat resumed>) = 3 [pid 8654] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 4 [pid 8654] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] newfstatat(4, "", [pid 8654] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8654] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] getdents64(4, [pid 8655] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8654] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8656] write(3, "1000", 4 [pid 8655] <... openat resumed>) = 4 [pid 8654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] getdents64(4, [pid 8656] <... write resumed>) = 4 [pid 8655] ioctl(4, LOOP_SET_FD, 3 [pid 8654] <... mmap resumed>) = 0x7f300ac28000 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8656] close(3 [pid 8654] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8656] <... close resumed>) = 0 [pid 8654] <... mprotect resumed>) = 0 [pid 5833] close(4 [pid 8656] symlink("/dev/binderfs", "./binderfs" [pid 8654] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... close resumed>) = 0 [pid 8656] <... symlink resumed>) = 0 [pid 8654] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] rmdir("./244/file1" [pid 8656] write(1, "executing program\n", 18 [pid 8655] <... ioctl resumed>) = 0 [pid 8654] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}executing program [pid 8656] <... write resumed>) = 18 [pid 5833] <... rmdir resumed>) = 0 [pid 8656] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] umount2("./244/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8657 attached [pid 8656] <... futex resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8656] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8655] close(3 [pid 8654] <... clone3 resumed> => {parent_tid=[8657]}, 88) = 8657 [pid 5833] newfstatat(AT_FDCWD, "./244/binderfs", [pid 8656] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8656] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] unlink("./244/binderfs" [pid 8656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 8657] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8655] <... close resumed>) = 0 [pid 8654] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] getdents64(3, [pid 8657] <... rseq resumed>) = 0 [pid 8656] <... mmap resumed>) = 0x7f300ac28000 [pid 8655] close(4 [pid 8654] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8657] set_robust_list(0x7f300ac489a0, 24 [pid 8656] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8655] <... close resumed>) = 0 [pid 8654] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] close(3 [pid 8657] <... set_robust_list resumed>) = 0 [pid 8656] <... mprotect resumed>) = 0 [pid 8655] mkdir("./file1", 0777 [pid 5833] <... close resumed>) = 0 [pid 8657] rt_sigprocmask(SIG_SETMASK, [], [pid 8656] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8655] <... mkdir resumed>) = 0 [pid 8654] <... futex resumed>) = 0 [pid 8657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8656] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] rmdir("./244" [pid 8656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 8658 attached [pid 5833] mkdir("./245", 0777 [pid 8656] <... clone3 resumed> => {parent_tid=[8658]}, 88) = 8658 [pid 8655] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5833] <... mkdir resumed>) = 0 [pid 8658] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8657] memfd_create("syzkaller", 0 [pid 8656] rt_sigprocmask(SIG_SETMASK, [], [pid 8654] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8658] <... rseq resumed>) = 0 [pid 8656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8658] set_robust_list(0x7f300ac489a0, 24 [pid 8657] <... memfd_create resumed>) = 3 [pid 8656] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8658] <... set_robust_list resumed>) = 0 [pid 8657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8656] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [ 219.881901][ T8655] loop4: detected capacity change from 0 to 256 [ 219.900094][ T8652] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8658] rt_sigprocmask(SIG_SETMASK, [], [pid 8657] <... mmap resumed>) = 0x7f3002800000 [pid 8656] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8652] <... mount resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8657] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8652] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... ioctl resumed>) = 0 [pid 8658] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8652] <... openat resumed>) = 3 [pid 5833] close(3 [pid 8658] memfd_create("syzkaller", 0 [pid 8657] <... write resumed>) = 131072 [pid 5833] <... close resumed>) = 0 [pid 8658] <... memfd_create resumed>) = 3 [pid 8658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8658] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8659 ./strace-static-x86_64: Process 8659 attached [pid 8658] munmap(0x7f3002800000, 138412032) = 0 [ 219.942473][ T8655] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8658] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8652] chdir("./file1" [pid 8658] <... openat resumed>) = 4 [pid 8658] ioctl(4, LOOP_SET_FD, 3 [pid 8657] munmap(0x7f3002800000, 138412032 [pid 8652] <... chdir resumed>) = 0 [pid 8659] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8657] <... munmap resumed>) = 0 [pid 8652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8659] chdir("./245" [pid 8657] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8659] <... chdir resumed>) = 0 [pid 8652] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8659] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8657] ioctl(4, LOOP_SET_FD, 3 [pid 8652] <... futex resumed>) = 1 [pid 8651] <... futex resumed>) = 0 [pid 8651] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8651] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8655] <... mount resumed>) = 0 [pid 8655] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8659] <... prctl resumed>) = 0 [pid 8655] <... openat resumed>) = 3 [pid 8652] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8655] chdir("./file1" [pid 8659] setpgid(0, 0 [pid 8655] <... chdir resumed>) = 0 [pid 8659] <... setpgid resumed>) = 0 [pid 8655] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8655] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8659] <... openat resumed>) = 3 [pid 8658] <... ioctl resumed>) = 0 [pid 8655] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8652] <... openat resumed>) = 4 [pid 8655] <... futex resumed>) = 1 [pid 8653] <... futex resumed>) = 0 [pid 8655] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8653] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8659] write(3, "1000", 4 [pid 8655] <... openat resumed>) = 4 [pid 8653] <... futex resumed>) = 0 [pid 8652] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8658] close(3 [pid 8653] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8658] <... close resumed>) = 0 [pid 8655] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8653] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8659] <... write resumed>) = 4 [pid 8658] close(4 [pid 8653] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8652] <... futex resumed>) = 1 [pid 8651] <... futex resumed>) = 0 [pid 8659] close(3 [pid 8658] <... close resumed>) = 0 [pid 8655] <... futex resumed>) = 0 [pid 8653] <... futex resumed>) = 0 [pid 8652] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8651] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8659] <... close resumed>) = 0 [pid 8658] mkdir("./file1", 0777 [pid 8655] mkdir("./file2", 0777 [pid 8653] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8659] symlink("/dev/binderfs", "./binderfs" [pid 8652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8651] <... futex resumed>) = 0 [pid 8651] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8659] <... symlink resumed>) = 0 [pid 8658] <... mkdir resumed>) = 0 [pid 8657] <... ioctl resumed>) = 0 [pid 8652] mkdir("./file2", 0777 [ 219.986903][ T8658] loop2: detected capacity change from 0 to 256 [ 219.995811][ T8657] loop1: detected capacity change from 0 to 256 [ 220.015874][ T8655] exFAT-fs (loop4): error, data size is invalid(9000) [ 220.029143][ T8652] exFAT-fs (loop0): error, data size is invalid(9000) [pid 8658] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8655] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8655] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8653] <... futex resumed>) = ? [pid 8655] +++ killed by SIGSEGV +++ [pid 8653] +++ killed by SIGSEGV +++ [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8653, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5834] umount2("./244", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5834] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] umount2("./244/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8658] <... mount resumed>) = 0 [pid 8659] write(1, "executing program\n", 18 [pid 8657] close(3 [pid 5834] <... umount2 resumed>) = 0 [pid 5834] umount2("./244/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./244/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./244/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8658] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] openat(AT_FDCWD, "./244/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 8659] <... write resumed>) = 18 [pid 8658] <... openat resumed>) = 3 [pid 8657] <... close resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 8659] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8658] chdir("./file1" [pid 8657] close(4 [pid 5834] newfstatat(4, "", [pid 8658] <... chdir resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8659] <... futex resumed>) = 0 [pid 8658] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8657] <... close resumed>) = 0 [pid 5834] getdents64(4, [pid 8658] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 220.034948][ T8658] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 220.035945][ T8652] exFAT-fs (loop0): Filesystem has been set read-only [ 220.048045][ T8655] exFAT-fs (loop4): Filesystem has been set read-only [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8659] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8658] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8657] mkdir("./file1", 0777 [pid 8652] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8651] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8659] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8658] <... futex resumed>) = 1 [pid 8656] <... futex resumed>) = 0 [pid 8658] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8656] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8659] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8657] <... mkdir resumed>) = 0 [pid 8656] <... futex resumed>) = 0 [pid 8652] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8651] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8658] <... openat resumed>) = 4 [pid 8657] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8656] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8651] <... futex resumed>) = ? [pid 5834] getdents64(4, [pid 8659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8658] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8656] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8652] +++ killed by SIGSEGV +++ [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8658] <... futex resumed>) = 0 [pid 8656] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] close(4 [pid 8659] <... mmap resumed>) = 0x7f300ac28000 [pid 8658] mkdir("./file2", 0777 [pid 8656] <... futex resumed>) = 0 [pid 8651] +++ killed by SIGSEGV +++ [pid 5834] <... close resumed>) = 0 [pid 8659] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8656] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] rmdir("./244/file1" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8651, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 8659] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... rmdir resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8659] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5830] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 8660 attached [pid 8659] <... clone3 resumed> => {parent_tid=[8660]}, 88) = 8660 [pid 5834] umount2("./244/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8659] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./244", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8659] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] newfstatat(AT_FDCWD, "./244/binderfs", [pid 5830] openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8659] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8660] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8660] <... rseq resumed>) = 0 [pid 5834] unlink("./244/binderfs" [pid 5830] newfstatat(3, "", [pid 5834] <... unlink resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8660] set_robust_list(0x7f300ac489a0, 24 [pid 5830] getdents64(3, [pid 8660] <... set_robust_list resumed>) = 0 [pid 5834] getdents64(3, [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] umount2("./244/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8660] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] close(3 [pid 5830] <... umount2 resumed>) = 0 [pid 8660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... close resumed>) = 0 [pid 8660] memfd_create("syzkaller", 0 [pid 5834] rmdir("./244" [pid 8660] <... memfd_create resumed>) = 3 [pid 5834] <... rmdir resumed>) = 0 [pid 8660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] mkdir("./245", 0777 [pid 8660] <... mmap resumed>) = 0x7f3002800000 [pid 5834] <... mkdir resumed>) = 0 [pid 5830] umount2("./244/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8660] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./244/file1", [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 8660] <... write resumed>) = 131072 [pid 8658] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8657] <... mount resumed>) = 0 [pid 5834] ioctl(3, LOOP_CLR_FD) = 0 [pid 5834] close(3 [pid 8660] munmap(0x7f3002800000, 138412032 [pid 5834] <... close resumed>) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8656] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8656] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8656] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8656] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8661 attached => {parent_tid=[8661]}, 88) = 8661 [pid 8656] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8662 attached NULL, 8) = 0 [pid 8661] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8656] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8661] <... rseq resumed>) = 0 [pid 8656] <... futex resumed>) = 0 [pid 8661] set_robust_list(0x7f300ac279a0, 24 [pid 8656] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8661] <... set_robust_list resumed>) = 0 [pid 8661] rt_sigprocmask(SIG_SETMASK, [], [pid 8662] set_robust_list(0x55556b85b6a0, 24 [pid 8661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8662] <... set_robust_list resumed>) = 0 [pid 8662] chdir("./245" [pid 8661] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8662 [pid 5830] umount2("./244/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8662] <... chdir resumed>) = 0 [pid 8661] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8660] <... munmap resumed>) = 0 [pid 8658] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8657] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8662] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8661] <... futex resumed>) = ? [pid 8656] <... futex resumed>) = ? [pid 5830] openat(AT_FDCWD, "./244/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8662] <... prctl resumed>) = 0 [pid 8657] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 4 [pid 8662] setpgid(0, 0 [pid 8657] chdir("./file1" [pid 8660] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8662] <... setpgid resumed>) = 0 [pid 8661] +++ killed by SIGSEGV +++ [pid 8660] <... openat resumed>) = 4 [pid 8657] <... chdir resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 8662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8660] ioctl(4, LOOP_SET_FD, 3 [pid 8657] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5830] getdents64(4, [pid 8662] <... openat resumed>) = 3 [pid 8657] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8658] +++ killed by SIGSEGV +++ [pid 8656] +++ killed by SIGSEGV +++ [pid 8657] <... futex resumed>) = 1 [pid 8654] <... futex resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [ 220.106442][ T8658] exFAT-fs (loop2): error, data size is invalid(9000) [ 220.137279][ T8657] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 220.141307][ T8658] exFAT-fs (loop2): Filesystem has been set read-only [pid 8662] write(3, "1000", 4 [pid 8657] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8654] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8656, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5830] getdents64(4, [pid 8662] <... write resumed>) = 4 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8662] close(3 [pid 5830] close(4 [pid 8662] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] rmdir("./244/file1"executing program ) = 0 [pid 8662] write(1, "executing program\n", 18) = 18 [pid 8662] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8662] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5830] umount2("./244/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8662] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8662] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5830] newfstatat(AT_FDCWD, "./244/binderfs", [pid 8657] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8654] <... futex resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8657] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8654] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8662] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] unlink("./244/binderfs" [pid 8662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] umount2("./239", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... unlink resumed>) = 0 [pid 8662] <... mmap resumed>) = 0x7f300ac28000 [pid 8657] <... openat resumed>) = 4 [pid 8662] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5830] getdents64(3, [pid 8662] <... mprotect resumed>) = 0 [pid 8657] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8662] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8657] <... futex resumed>) = 1 [pid 8662] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8654] <... futex resumed>) = 0 [pid 5830] close(3 [pid 8662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8657] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8654] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... close resumed>) = 0 ./strace-static-x86_64: Process 8663 attached [pid 8657] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8654] <... futex resumed>) = 0 [pid 8663] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8662] <... clone3 resumed> => {parent_tid=[8663]}, 88) = 8663 [pid 8657] mkdir("./file2", 0777 [pid 8654] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] rmdir("./244" [pid 8663] <... rseq resumed>) = 0 [pid 8662] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 8663] set_robust_list(0x7f300ac489a0, 24 [pid 8662] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... rmdir resumed>) = 0 [pid 8663] <... set_robust_list resumed>) = 0 [pid 8662] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8660] <... ioctl resumed>) = 0 [pid 5832] umount2("./239/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] mkdir("./245", 0777 [pid 8663] rt_sigprocmask(SIG_SETMASK, [], [pid 8662] <... futex resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 8663] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8662] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8663] memfd_create("syzkaller", 0 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 8663] <... memfd_create resumed>) = 3 [pid 5830] close(3 [pid 8663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... close resumed>) = 0 [pid 8663] <... mmap resumed>) = 0x7f3002800000 [pid 8660] close(3 [pid 8657] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] <... umount2 resumed>) = 0 [pid 8663] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8663] <... write resumed>) = 131072 [pid 8657] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- ./strace-static-x86_64: Process 8664 attached [pid 8660] <... close resumed>) = 0 [pid 5832] umount2("./239/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8660] close(4 [pid 8664] set_robust_list(0x55556b85b6a0, 24 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8664 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8660] <... close resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./239/file1", [pid 8664] <... set_robust_list resumed>) = 0 [pid 8660] mkdir("./file1", 0777 [pid 8654] <... futex resumed>) = ? [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8663] munmap(0x7f3002800000, 138412032 [pid 5832] umount2("./239/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8664] chdir("./245" [pid 8663] <... munmap resumed>) = 0 [pid 8660] <... mkdir resumed>) = 0 [pid 8657] +++ killed by SIGSEGV +++ [pid 8654] +++ killed by SIGSEGV +++ [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8654, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8664] <... chdir resumed>) = 0 [pid 8660] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5832] openat(AT_FDCWD, "./239/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8664] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8663] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... restart_syscall resumed>) = 0 [pid 8663] <... openat resumed>) = 4 [pid 5832] <... openat resumed>) = 4 [pid 8664] <... prctl resumed>) = 0 [pid 8664] setpgid(0, 0 [ 220.182652][ T8660] loop3: detected capacity change from 0 to 256 [ 220.199938][ T8657] exFAT-fs (loop1): error, data size is invalid(9000) [ 220.217702][ T8657] exFAT-fs (loop1): Filesystem has been set read-only [pid 8663] ioctl(4, LOOP_SET_FD, 3 [pid 5832] newfstatat(4, "", [pid 8664] <... setpgid resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8663] <... ioctl resumed>) = 0 [pid 5832] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] umount2("./247", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(4, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] close(4) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5832] rmdir("./239/file1" [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] getdents64(3, [pid 5832] umount2("./239/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./247/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(AT_FDCWD, "./239/binderfs", [pid 8664] <... openat resumed>) = 3 [pid 8663] close(3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5832] unlink("./239/binderfs" [pid 8663] <... close resumed>) = 0 [pid 8664] write(3, "1000", 4 [pid 8663] close(4 [pid 5832] <... unlink resumed>) = 0 [pid 5831] umount2("./247/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8663] <... close resumed>) = 0 [pid 5832] getdents64(3, [pid 8663] mkdir("./file1", 0777 [pid 8664] <... write resumed>) = 4 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8664] close(3 [pid 5832] close(3 [pid 8664] <... close resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./239" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./247/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./247/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8664] symlink("/dev/binderfs", "./binderfs" [pid 8663] <... mkdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./247/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8664] <... symlink resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 8663] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8660] <... mount resumed>) = 0 [pid 5832] mkdir("./240", 0777 [pid 8660] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] newfstatat(4, "", [pid 8660] <... openat resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8660] chdir("./file1" [pid 5831] getdents64(4, [pid 8660] <... chdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8660] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] <... mkdir resumed>) = 0 [pid 5831] getdents64(4, [pid 8660] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8660] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [ 220.243186][ T8663] loop4: detected capacity change from 0 to 256 [ 220.273670][ T8660] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5831] close(4executing program [pid 8664] write(1, "executing program\n", 18 [pid 8660] <... futex resumed>) = 1 [pid 5831] <... close resumed>) = 0 [pid 8659] <... futex resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8660] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] rmdir("./247/file1") = 0 [pid 5831] umount2("./247/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./247/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./247/binderfs") = 0 [pid 5831] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./247") = 0 [pid 5831] mkdir("./248", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3 [pid 8664] <... write resumed>) = 18 [pid 8663] <... mount resumed>) = 0 [pid 8659] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 8660] <... futex resumed>) = 0 [pid 8659] <... futex resumed>) = 1 [pid 8659] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8660] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5832] <... ioctl resumed>) = 0 [pid 8664] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8663] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8660] <... openat resumed>) = 4 [pid 5832] close(3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8664] <... futex resumed>) = 0 [pid 8663] <... openat resumed>) = 3 [pid 8660] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8664] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8659] <... futex resumed>) = 0 [pid 8659] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8659] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8664] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8660] <... futex resumed>) = 1 [pid 5832] <... close resumed>) = 0 [pid 8663] chdir("./file1" [pid 8664] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8664] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8663] <... chdir resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8665 ./strace-static-x86_64: Process 8665 attached [pid 8660] mkdir("./file2", 0777 [pid 8664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8663] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 8666 attached [pid 8664] <... mmap resumed>) = 0x7f300ac28000 [pid 8663] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8664] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8663] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8666 [pid 8663] <... futex resumed>) = 1 [pid 8666] set_robust_list(0x55556b85b6a0, 24 [pid 8665] set_robust_list(0x55556b85b6a0, 24 [pid 8664] <... mprotect resumed>) = 0 [pid 8663] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8662] <... futex resumed>) = 0 [pid 8666] <... set_robust_list resumed>) = 0 [pid 8664] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8662] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8665] <... set_robust_list resumed>) = 0 [pid 8662] <... futex resumed>) = 1 [pid 8666] chdir("./240" [pid 8663] <... futex resumed>) = 0 [pid 8665] chdir("./248" [pid 8664] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8663] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8662] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8665] <... chdir resumed>) = 0 [pid 8665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8666] <... chdir resumed>) = 0 [pid 8665] setpgid(0, 0 [pid 8664] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8665] <... setpgid resumed>) = 0 [pid 8665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 8667 attached ) = 3 [pid 8666] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8664] <... clone3 resumed> => {parent_tid=[8667]}, 88) = 8667 [pid 8665] write(3, "1000", 4) = 4 [pid 8665] close(3) = 0 [pid 8665] symlink("/dev/binderfs", "./binderfs" [pid 8666] <... prctl resumed>) = 0 [pid 8663] <... openat resumed>) = 4 [pid 8667] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8664] rt_sigprocmask(SIG_SETMASK, [], [pid 8667] <... rseq resumed>) = 0 [pid 8666] setpgid(0, 0 [pid 8664] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8663] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8667] set_robust_list(0x7f300ac489a0, 24 [pid 8666] <... setpgid resumed>) = 0 [pid 8664] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8667] <... set_robust_list resumed>) = 0 [pid 8663] <... futex resumed>) = 1 [pid 8662] <... futex resumed>) = 0 [pid 8667] rt_sigprocmask(SIG_SETMASK, [], [pid 8664] <... futex resumed>) = 0 [pid 8663] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8662] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8667] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8664] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8662] <... futex resumed>) = 0 executing program [pid 8665] <... symlink resumed>) = 0 [pid 8662] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8665] write(1, "executing program\n", 18) = 18 [pid 8665] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 220.322910][ T8663] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 220.346205][ T8660] exFAT-fs (loop3): error, data size is invalid(9000) [pid 8665] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8667] memfd_create("syzkaller", 0 [pid 8666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8665] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8663] mkdir("./file2", 0777 [pid 8665] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8665] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8665] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8668]}, 88) = 8668 ./strace-static-x86_64: Process 8668 attached [pid 8665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8665] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8665] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8668] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8668] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8668] memfd_create("syzkaller", 0 [pid 8666] <... openat resumed>) = 3 [pid 8666] write(3, "1000", 4 [pid 8668] <... memfd_create resumed>) = 3 [pid 8668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8668] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 8667] <... memfd_create resumed>) = 3 [pid 8666] <... write resumed>) = 4 [pid 8660] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8659] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8659] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8659] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8659] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8663] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} => {parent_tid=[8669]}, 88) = 8669 ./strace-static-x86_64: Process 8669 attached [pid 8668] munmap(0x7f3002800000, 138412032 [pid 8667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8666] close(3 [pid 8663] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8660] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8659] close(3 [pid 8668] <... munmap resumed>) = 0 [pid 8667] <... mmap resumed>) = 0x7f3002800000 [pid 8666] <... close resumed>) = 0 [pid 8662] <... futex resumed>) = ? [pid 8669] +++ killed by SIGSEGV +++ [pid 8667] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8666] symlink("/dev/binderfs", "./binderfs" [pid 8668] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8666] <... symlink resumed>) = 0 [pid 8668] <... openat resumed>) = 4 [pid 8668] ioctl(4, LOOP_SET_FD, 3 [pid 8667] <... write resumed>) = 131072 executing program [pid 8666] write(1, "executing program\n", 18 [pid 8660] +++ killed by SIGSEGV +++ [pid 8659] +++ killed by SIGSEGV +++ [pid 8666] <... write resumed>) = 18 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8659, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 220.377102][ T8660] exFAT-fs (loop3): Filesystem has been set read-only [ 220.385562][ T8663] exFAT-fs (loop4): error, data size is invalid(9000) [ 220.394469][ T8663] exFAT-fs (loop4): Filesystem has been set read-only [pid 8667] munmap(0x7f3002800000, 138412032 [pid 8666] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8667] <... munmap resumed>) = 0 [pid 8666] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] umount2("./245", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8667] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8666] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8663] +++ killed by SIGSEGV +++ [pid 8662] +++ killed by SIGSEGV +++ [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8666] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8662, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5833] openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] <... openat resumed>) = 3 [pid 5834] umount2("./245", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] newfstatat(3, "", [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8668] <... ioctl resumed>) = 0 [pid 8667] <... openat resumed>) = 4 [pid 8666] <... mmap resumed>) = 0x7f300ac28000 [pid 5834] openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5833] getdents64(3, [pid 5834] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8668] close(3 [pid 8667] ioctl(4, LOOP_SET_FD, 3 [pid 8666] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] getdents64(3, [pid 8668] <... close resumed>) = 0 [pid 8668] close(4 [pid 8666] <... mprotect resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8668] <... close resumed>) = 0 [pid 5834] umount2("./245/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] umount2("./245/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8668] mkdir("./file1", 0777) = 0 [pid 8668] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8666] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8666] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8670]}, 88) = 8670 [pid 8666] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8666] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8666] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8670 attached [pid 8670] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8670] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8670] memfd_create("syzkaller", 0) = 3 [ 220.422799][ T8668] loop1: detected capacity change from 0 to 256 [ 220.446188][ T8667] loop0: detected capacity change from 0 to 256 [pid 8670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8670] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8667] <... ioctl resumed>) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 8667] close(3 [pid 5833] umount2("./245/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8667] <... close resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8670] <... write resumed>) = 131072 [pid 8667] close(4 [pid 5833] newfstatat(AT_FDCWD, "./245/file1", [pid 8670] munmap(0x7f3002800000, 138412032) = 0 [pid 8670] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8670] ioctl(4, LOOP_SET_FD, 3 [pid 8668] <... mount resumed>) = 0 [pid 8667] <... close resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8668] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8667] mkdir("./file1", 0777 [pid 5834] <... umount2 resumed>) = 0 [pid 5833] umount2("./245/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] umount2("./245/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8667] <... mkdir resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./245/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8667] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5834] newfstatat(AT_FDCWD, "./245/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... openat resumed>) = 4 [pid 5834] umount2("./245/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(4, "", [pid 5834] openat(AT_FDCWD, "./245/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5834] newfstatat(4, "", [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8668] <... openat resumed>) = 3 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, [pid 8668] chdir("./file1" [pid 5834] getdents64(4, [pid 8668] <... chdir resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [ 220.473735][ T8668] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 220.497735][ T8670] loop2: detected capacity change from 0 to 256 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8668] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4) = 0 [pid 5834] rmdir("./245/file1") = 0 [pid 5834] umount2("./245/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./245/binderfs") = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] close(3) = 0 [pid 5834] rmdir("./245") = 0 [pid 5834] mkdir("./246", 0777) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 8668] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8668] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... ioctl resumed>) = 0 [pid 5833] getdents64(4, [pid 8668] <... futex resumed>) = 1 [pid 8665] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8668] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8665] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] close(3 [pid 5833] close(4 [pid 8668] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8665] <... futex resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 8670] <... ioctl resumed>) = 0 [pid 8668] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8665] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] rmdir("./245/file1"./strace-static-x86_64: Process 8671 attached [pid 8670] close(3 [pid 5833] <... rmdir resumed>) = 0 [pid 8671] set_robust_list(0x55556b85b6a0, 24 [pid 8670] <... close resumed>) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8671 [pid 5833] umount2("./245/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8671] <... set_robust_list resumed>) = 0 [pid 8670] close(4 [pid 8668] <... openat resumed>) = 4 [pid 8671] chdir("./246" [pid 8670] <... close resumed>) = 0 [pid 8668] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8671] <... chdir resumed>) = 0 [pid 8670] mkdir("./file1", 0777 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8671] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8668] <... futex resumed>) = 1 [pid 8665] <... futex resumed>) = 0 [pid 8671] <... prctl resumed>) = 0 [pid 8670] <... mkdir resumed>) = 0 [pid 8668] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8665] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(AT_FDCWD, "./245/binderfs", [pid 8671] setpgid(0, 0 [pid 8670] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8668] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8665] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8671] <... setpgid resumed>) = 0 [ 220.527813][ T8667] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8668] mkdir("./file2", 0777 [pid 8667] <... mount resumed>) = 0 [pid 8665] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] unlink("./245/binderfs" [pid 8671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8671] write(3, "1000", 4) = 4 [pid 8671] close(3) = 0 [pid 8671] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8671] write(1, "executing program\n", 18) = 18 [pid 8671] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8671] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8671] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8671] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 8667] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8671] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8667] <... openat resumed>) = 3 [pid 8667] chdir("./file1" [pid 5833] getdents64(3, [pid 8667] <... chdir resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8667] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] close(3 [pid 8667] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... close resumed>) = 0 [pid 8671] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8667] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] rmdir("./245"./strace-static-x86_64: Process 8672 attached [pid 8671] <... clone3 resumed> => {parent_tid=[8672]}, 88) = 8672 [pid 8667] <... futex resumed>) = 1 [pid 5833] <... rmdir resumed>) = 0 [pid 8671] rt_sigprocmask(SIG_SETMASK, [], [pid 8672] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8667] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] mkdir("./246", 0777 [pid 8671] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8671] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8671] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8664] <... futex resumed>) = 0 [pid 8664] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8664] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] <... mkdir resumed>) = 0 [pid 8672] <... rseq resumed>) = 0 [pid 8667] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8672] set_robust_list(0x7f300ac489a0, 24 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8672] <... set_robust_list resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 8672] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8672] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 8667] <... openat resumed>) = 4 [pid 5833] close(3 [pid 8672] memfd_create("syzkaller", 0 [pid 5833] <... close resumed>) = 0 [pid 8672] <... memfd_create resumed>) = 3 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 220.574675][ T8668] exFAT-fs (loop1): error, data size is invalid(9000) [ 220.597406][ T8668] exFAT-fs (loop1): Filesystem has been set read-only [pid 8672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 ./strace-static-x86_64: Process 8673 attached [pid 8672] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8668] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8667] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8665] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8673 [pid 8672] <... write resumed>) = 131072 [pid 8665] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8672] munmap(0x7f3002800000, 138412032 [pid 8668] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8667] <... futex resumed>) = 1 [pid 8665] <... futex resumed>) = 0 [pid 8664] <... futex resumed>) = 0 [pid 8673] set_robust_list(0x55556b85b6a0, 24 [pid 8672] <... munmap resumed>) = 0 [pid 8667] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8664] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8673] <... set_robust_list resumed>) = 0 [pid 8667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8664] <... futex resumed>) = 0 [pid 8673] chdir("./246" [pid 8667] mkdir("./file2", 0777 [pid 8664] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8673] <... chdir resumed>) = 0 [pid 8673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8673] setpgid(0, 0) = 0 [pid 8673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8672] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8673] <... openat resumed>) = 3 [pid 8673] write(3, "1000", 4) = 4 [pid 8673] close(3) = 0 [pid 8673] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8673] write(1, "executing program\n", 18) = 18 [pid 8673] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8673] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8673] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8673] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8672] <... openat resumed>) = 4 [pid 8673] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8673] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8668] +++ killed by SIGSEGV +++ [pid 8665] +++ killed by SIGSEGV +++ [pid 8672] ioctl(4, LOOP_SET_FD, 3 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8665, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- ./strace-static-x86_64: Process 8674 attached [pid 8673] <... clone3 resumed> => {parent_tid=[8674]}, 88) = 8674 [pid 8672] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8674] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8673] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8673] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 220.620634][ T8670] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 220.650007][ T8667] exFAT-fs (loop0): error, data size is invalid(9000) [pid 8673] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8670] <... mount resumed>) = 0 [pid 5831] umount2("./248", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8670] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8670] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 8674] <... rseq resumed>) = 0 [pid 8672] ioctl(4, LOOP_CLR_FD [pid 8670] chdir("./file1" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8674] set_robust_list(0x7f300ac489a0, 24 [pid 8672] <... ioctl resumed>) = 0 [pid 8670] <... chdir resumed>) = 0 [pid 5831] getdents64(3, [pid 8674] <... set_robust_list resumed>) = 0 [pid 8670] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8674] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] umount2("./248/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8667] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8674] memfd_create("syzkaller", 0 [pid 8670] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8667] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] <... umount2 resumed>) = 0 [pid 8674] <... memfd_create resumed>) = 3 [pid 8672] ioctl(4, LOOP_SET_FD, 3 [pid 8670] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8664] <... futex resumed>) = ? [pid 5831] umount2("./248/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8672] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8670] <... futex resumed>) = 1 [pid 8667] +++ killed by SIGSEGV +++ [pid 8666] <... futex resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8672] close(4 [pid 8670] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8666] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8664] +++ killed by SIGSEGV +++ [pid 5831] newfstatat(AT_FDCWD, "./248/file1", [pid 8674] <... mmap resumed>) = 0x7f3002800000 [pid 8670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8666] <... futex resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8672] <... close resumed>) = 0 [pid 8670] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8666] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] umount2("./248/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8664, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8674] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8672] close(3 [pid 8670] <... openat resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5831] openat(AT_FDCWD, "./248/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8672] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [ 220.672950][ T8667] exFAT-fs (loop0): Filesystem has been set read-only [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8674] <... write resumed>) = 131072 [pid 8672] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8670] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... restart_syscall resumed>) = 0 [pid 8672] <... futex resumed>) = 1 [pid 8671] <... futex resumed>) = 0 [pid 8672] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8671] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] getdents64(4, [pid 5830] umount2("./245", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8671] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8670] <... futex resumed>) = 1 [pid 8666] <... futex resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8672] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8670] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8666] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] getdents64(4, [pid 5830] openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8672] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8666] <... futex resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8670] mkdir("./file2", 0777 [pid 8666] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] close(4 [pid 5830] newfstatat(3, "", [pid 8672] <... openat resumed>) = 3 [pid 8672] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8672] <... futex resumed>) = 1 [pid 8672] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8671] <... futex resumed>) = 0 [pid 5830] getdents64(3, [pid 8674] munmap(0x7f3002800000, 138412032 [pid 8671] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8672] <... futex resumed>) = 0 [pid 8674] <... munmap resumed>) = 0 [pid 8671] <... futex resumed>) = 1 [pid 8672] mkdir("./file2", 0777 [pid 8671] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] umount2("./245/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8674] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8672] <... mkdir resumed>) = 0 [pid 8674] <... openat resumed>) = 4 [pid 5831] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 8672] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] rmdir("./248/file1" [pid 5830] umount2("./245/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8671] <... futex resumed>) = ? [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./248/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(AT_FDCWD, "./245/file1", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(AT_FDCWD, "./248/binderfs", [pid 5830] umount2("./245/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8674] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] unlink("./248/binderfs" [pid 5830] openat(AT_FDCWD, "./245/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 5831] getdents64(3, [pid 5830] newfstatat(4, "", [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] close(3 [pid 5830] getdents64(4, [pid 5831] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] rmdir("./248" [pid 5830] getdents64(4, [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] mkdir("./249", 0777 [pid 5830] close(4 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] rmdir("./245/file1" [pid 5831] <... openat resumed>) = 3 [pid 5830] <... rmdir resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] umount2("./245/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(3 [pid 5830] newfstatat(AT_FDCWD, "./245/binderfs", [pid 8674] <... ioctl resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./245/binderfs" [pid 8674] close(3 [pid 5830] <... unlink resumed>) = 0 [pid 8674] <... close resumed>) = 0 [pid 5830] getdents64(3, [pid 8672] +++ killed by SIGSEGV +++ [pid 8671] +++ killed by SIGSEGV +++ [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] close(3./strace-static-x86_64: Process 8675 attached [pid 8674] close(4 [pid 8670] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8671, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8675 [pid 5830] <... close resumed>) = 0 [pid 8675] set_robust_list(0x55556b85b6a0, 24 [pid 8674] <... close resumed>) = 0 [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 5830] rmdir("./245" [pid 8675] <... set_robust_list resumed>) = 0 [pid 8674] mkdir("./file1", 0777 [pid 8666] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... restart_syscall resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8674] <... mkdir resumed>) = 0 [pid 8670] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8666] read(0, [pid 5830] mkdir("./246", 0777 [pid 8675] chdir("./249" [pid 8674] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5830] <... mkdir resumed>) = 0 [pid 8675] <... chdir resumed>) = 0 [pid 8670] +++ killed by SIGSEGV +++ [pid 8666] +++ killed by SIGSEGV +++ [pid 5834] umount2("./246", MNT_FORCE|UMOUNT_NOFOLLOW [ 220.735608][ T8670] exFAT-fs (loop2): error, data size is invalid(9000) [ 220.757374][ T8674] loop3: detected capacity change from 0 to 256 [ 220.777232][ T8670] exFAT-fs (loop2): Filesystem has been set read-only [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8675] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8666, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5830] <... openat resumed>) = 3 [pid 8675] <... prctl resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5834] newfstatat(3, "", [pid 5832] <... restart_syscall resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] close(3 [pid 5834] getdents64(3, 0x55556b85c730 /* 5 entries */, 32768) = 144 [pid 5832] umount2("./240", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 5834] umount2("./246/devices.list", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./246/devices.list", [pid 5832] openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5834] unlink("./246/devices.list" [pid 5832] newfstatat(3, "", [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8675] setpgid(0, 0 [pid 5834] <... unlink resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] umount2("./246/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(3, [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] newfstatat(AT_FDCWD, "./246/binderfs", [pid 5832] umount2("./240/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./246/binderfs") = 0 [pid 5834] umount2("./246/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8676 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./246/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./246/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8675] <... setpgid resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./246/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5834] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] getdents64(4, ./strace-static-x86_64: Process 8676 attached 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8676] set_robust_list(0x55556b85b6a0, 24 [pid 8675] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = 0 [pid 8676] <... set_robust_list resumed>) = 0 [pid 5834] getdents64(4, [pid 8676] chdir("./246" [pid 8675] write(3, "1000", 4 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8675] <... write resumed>) = 4 [pid 8676] <... chdir resumed>) = 0 [pid 8675] close(3 [pid 8676] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8675] <... close resumed>) = 0 [pid 5834] close(4 [pid 8676] <... prctl resumed>) = 0 [pid 8675] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... close resumed>) = 0 [pid 5832] umount2("./240/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8676] setpgid(0, 0 [pid 8675] <... symlink resumed>) = 0 [pid 5834] rmdir("./246/file2" [pid 8676] <... setpgid resumed>) = 0 [pid 8675] write(1, "executing program\n", 18 [pid 5834] <... rmdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 8676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8675] <... write resumed>) = 18 [pid 8674] <... mount resumed>) = 0 [pid 5834] getdents64(3, [pid 5832] newfstatat(AT_FDCWD, "./240/file1", [pid 8676] <... openat resumed>) = 3 [pid 8675] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8676] write(3, "1000", 4 [pid 8675] <... futex resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8676] <... write resumed>) = 4 [pid 8675] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8674] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] close(3 [pid 8676] close(3 [pid 8675] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5832] umount2("./240/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8676] <... close resumed>) = 0 [pid 8675] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8674] <... openat resumed>) = 3 [pid 5834] <... close resumed>) = 0 [pid 8676] symlink("/dev/binderfs", "./binderfs" [pid 8675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8676] <... symlink resumed>) = 0 [pid 8675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8674] chdir("./file1" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 8676] write(1, "executing program\n", 18 [pid 8675] <... mmap resumed>) = 0x7f300ac28000 [pid 8674] <... chdir resumed>) = 0 [pid 5834] rmdir("./246" [pid 5832] openat(AT_FDCWD, "./240/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8676] <... write resumed>) = 18 [pid 8675] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8674] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8676] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8675] <... mprotect resumed>) = 0 [pid 8676] <... futex resumed>) = 0 [pid 8675] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... rmdir resumed>) = 0 [pid 8676] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8675] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] <... openat resumed>) = 4 [pid 8676] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8674] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 8677 attached [pid 8676] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8677] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8676] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8675] <... clone3 resumed> => {parent_tid=[8677]}, 88) = 8677 [pid 8677] <... rseq resumed>) = 0 [pid 8676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8675] rt_sigprocmask(SIG_SETMASK, [], [pid 8674] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] newfstatat(4, "", [pid 8677] set_robust_list(0x7f300ac489a0, 24 [pid 8676] <... mmap resumed>) = 0x7f300ac28000 [pid 8675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8674] <... futex resumed>) = 1 [pid 8673] <... futex resumed>) = 0 [pid 5834] mkdir("./247", 0777 [pid 8677] <... set_robust_list resumed>) = 0 [pid 8676] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8675] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8674] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8673] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8677] rt_sigprocmask(SIG_SETMASK, [], [pid 8676] <... mprotect resumed>) = 0 [pid 8675] <... futex resumed>) = 0 [pid 8677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8676] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8675] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8674] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8673] <... futex resumed>) = 0 [pid 5832] getdents64(4, [pid 8677] memfd_create("syzkaller", 0 [pid 8676] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] <... mkdir resumed>) = 0 [pid 8677] <... memfd_create resumed>) = 3 [pid 8676] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8673] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8674] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 8678 attached [pid 8677] <... mmap resumed>) = 0x7f3002800000 [pid 5832] getdents64(4, [pid 8678] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8677] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] <... openat resumed>) = 3 [pid 8678] <... rseq resumed>) = 0 [pid 8677] <... write resumed>) = 131072 [pid 8676] <... clone3 resumed> => {parent_tid=[8678]}, 88) = 8678 [pid 8674] <... openat resumed>) = 4 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8678] set_robust_list(0x7f300ac489a0, 24 [pid 5832] close(4 [pid 8676] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... close resumed>) = 0 [pid 8678] <... set_robust_list resumed>) = 0 [pid 5834] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8678] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] close(3 [pid 8678] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8676] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8678] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... close resumed>) = 0 [pid 8678] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8676] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] rmdir("./240/file1" [pid 8677] munmap(0x7f3002800000, 138412032 [pid 8676] <... futex resumed>) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8678] memfd_create("syzkaller", 0 [pid 8677] <... munmap resumed>) = 0 [pid 8676] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... rmdir resumed>) = 0 [ 220.818536][ T8674] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8677] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 8679 attached [pid 8678] <... memfd_create resumed>) = 3 [pid 8674] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./240/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8677] <... openat resumed>) = 4 [pid 8678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8674] <... futex resumed>) = 1 [pid 8673] <... futex resumed>) = 0 [pid 8673] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8679 [pid 8679] set_robust_list(0x55556b85b6a0, 24 [pid 8678] <... mmap resumed>) = 0x7f3002800000 [pid 8674] mkdir("./file2", 0777 [pid 8673] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8677] ioctl(4, LOOP_SET_FD, 3 [pid 8673] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8679] <... set_robust_list resumed>) = 0 [pid 8678] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5832] newfstatat(AT_FDCWD, "./240/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8678] <... write resumed>) = 131072 [pid 5832] unlink("./240/binderfs" [pid 8679] chdir("./247" [pid 5832] <... unlink resumed>) = 0 [pid 8679] <... chdir resumed>) = 0 [pid 8678] munmap(0x7f3002800000, 138412032 [pid 5832] getdents64(3, [pid 8679] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8678] <... munmap resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 8679] <... prctl resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 8679] setpgid(0, 0 [pid 5832] rmdir("./240" [pid 8679] <... setpgid resumed>) = 0 [pid 8678] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... rmdir resumed>) = 0 [pid 8678] <... openat resumed>) = 4 [pid 5832] mkdir("./241", 0777 [pid 8678] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 8679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] close(3) = 0 [pid 8679] <... openat resumed>) = 3 [pid 8678] <... ioctl resumed>) = 0 [pid 8677] <... ioctl resumed>) = 0 [pid 8674] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8679] write(3, "1000", 4 [pid 8677] close(3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8679] <... write resumed>) = 4 [pid 8677] <... close resumed>) = 0 [pid 8679] close(3 [pid 8677] close(4 [pid 8679] <... close resumed>) = 0 [pid 8677] <... close resumed>) = 0 ./strace-static-x86_64: Process 8680 attached [pid 8679] symlink("/dev/binderfs", "./binderfs" [pid 8677] mkdir("./file1", 0777 [pid 8680] set_robust_list(0x55556b85b6a0, 24 [pid 8679] <... symlink resumed>) = 0 executing program [pid 8678] close(3 [pid 8677] <... mkdir resumed>) = 0 [pid 8674] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8680 [pid 8680] <... set_robust_list resumed>) = 0 [pid 8679] write(1, "executing program\n", 18 [pid 8678] <... close resumed>) = 0 [pid 8677] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8673] <... futex resumed>) = ? [ 220.891094][ T8674] exFAT-fs (loop3): error, data size is invalid(9000) [ 220.897924][ T8674] exFAT-fs (loop3): Filesystem has been set read-only [ 220.914276][ T8677] loop1: detected capacity change from 0 to 256 [ 220.927009][ T8678] loop0: detected capacity change from 0 to 256 [pid 8680] chdir("./241" [pid 8679] <... write resumed>) = 18 [pid 8678] close(4 [pid 8680] <... chdir resumed>) = 0 [pid 8679] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8678] <... close resumed>) = 0 [pid 8674] +++ killed by SIGSEGV +++ [pid 8673] +++ killed by SIGSEGV +++ [pid 8680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8673, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8680] setpgid(0, 0 [pid 8678] mkdir("./file1", 0777 [pid 5833] umount2("./246", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8679] <... futex resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8679] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8679] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... openat resumed>) = 3 [pid 8679] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] newfstatat(3, "", [pid 8680] <... setpgid resumed>) = 0 [pid 8679] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8678] <... mkdir resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8678] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5833] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8679] <... mmap resumed>) = 0x7f300ac28000 [pid 5833] umount2("./246/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8680] <... openat resumed>) = 3 [pid 8680] write(3, "1000", 4 [pid 8679] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8680] <... write resumed>) = 4 [pid 8679] <... mprotect resumed>) = 0 [pid 8680] close(3 [pid 8679] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8679] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8681]}, 88) = 8681 [pid 8680] <... close resumed>) = 0 [pid 8680] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8679] rt_sigprocmask(SIG_SETMASK, [], [pid 8680] write(1, "executing program\n", 18 [pid 8679] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8679] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 executing program [pid 8679] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8681 attached [pid 8680] <... write resumed>) = 18 [pid 8681] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8681] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8681] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8680] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8680] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8681] memfd_create("syzkaller", 0 [pid 8680] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] <... umount2 resumed>) = 0 [pid 8680] <... mmap resumed>) = 0x7f300ac28000 [pid 5833] umount2("./246/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8680] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./246/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8681] <... memfd_create resumed>) = 3 [pid 8680] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8677] <... mount resumed>) = 0 [pid 8681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8677] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] umount2("./246/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8681] <... mmap resumed>) = 0x7f3002800000 [pid 8677] <... openat resumed>) = 3 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8681] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8680] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8677] chdir("./file1" [pid 8680] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8677] <... chdir resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./246/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8682 attached [ 220.959447][ T8677] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8677] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... openat resumed>) = 4 [pid 8677] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] newfstatat(4, "", [pid 8682] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8681] <... write resumed>) = 131072 [pid 8680] <... clone3 resumed> => {parent_tid=[8682]}, 88) = 8682 [pid 8677] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8675] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8677] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8675] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(4, [pid 8677] <... openat resumed>) = 4 [pid 8675] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8681] munmap(0x7f3002800000, 138412032 [pid 8675] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] getdents64(4, [pid 8681] <... munmap resumed>) = 0 [pid 8677] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8675] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8675] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] close(4 [pid 8675] <... futex resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 8675] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] rmdir("./246/file1" [pid 8677] <... futex resumed>) = 1 [pid 8675] <... futex resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8675] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5833] umount2("./246/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8681] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] newfstatat(AT_FDCWD, "./246/binderfs", [pid 8681] <... openat resumed>) = 4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./246/binderfs") = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./246" [pid 8681] ioctl(4, LOOP_SET_FD, 3 [pid 5833] <... rmdir resumed>) = 0 [pid 8682] <... rseq resumed>) = 0 [pid 8680] rt_sigprocmask(SIG_SETMASK, [], [pid 8677] mkdir("./file2", 0777 [pid 8682] set_robust_list(0x7f300ac489a0, 24 [pid 8680] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8682] <... set_robust_list resumed>) = 0 [pid 8680] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8678] <... mount resumed>) = 0 [pid 5833] mkdir("./247", 0777 [pid 8682] rt_sigprocmask(SIG_SETMASK, [], [pid 8680] <... futex resumed>) = 0 [pid 8682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8680] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... mkdir resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8682] memfd_create("syzkaller", 0 [pid 5833] <... openat resumed>) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3 [pid 8682] <... memfd_create resumed>) = 3 [pid 8682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8678] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5833] <... close resumed>) = 0 [ 221.020247][ T8678] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 221.034598][ T8681] loop4: detected capacity change from 0 to 256 [ 221.043719][ T8677] exFAT-fs (loop1): error, data size is invalid(9000) [pid 8678] chdir("./file1" [pid 8682] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8678] <... chdir resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8682] <... write resumed>) = 131072 [pid 8681] <... ioctl resumed>) = 0 [pid 8678] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8682] munmap(0x7f3002800000, 138412032 [pid 8681] close(3 [pid 8678] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8675] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8681] <... close resumed>) = 0 [pid 8681] close(4) = 0 [pid 8675] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8682] <... munmap resumed>) = 0 [pid 8681] mkdir("./file1", 0777 [pid 8678] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 8683 attached ) = 0x7f300ac07000 [pid 8678] <... futex resumed>) = 1 [pid 8675] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8683 [pid 8678] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8683] set_robust_list(0x55556b85b6a0, 24 [pid 8676] <... futex resumed>) = 0 [pid 8675] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8681] <... mkdir resumed>) = 0 [pid 8683] <... set_robust_list resumed>) = 0 [pid 8676] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8675] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8683] chdir("./247" [pid 8676] <... futex resumed>) = 1 [pid 8675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8684 attached [pid 8683] <... chdir resumed>) = 0 [pid 8682] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8678] <... futex resumed>) = 0 [pid 8676] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8678] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8675] <... clone3 resumed> => {parent_tid=[8684]}, 88) = 8684 [pid 8684] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8683] setpgid(0, 0 [pid 8682] <... openat resumed>) = 4 [pid 8681] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8675] rt_sigprocmask(SIG_SETMASK, [], [pid 8684] <... rseq resumed>) = 0 [pid 8683] <... setpgid resumed>) = 0 [ 221.067714][ T8677] exFAT-fs (loop1): Filesystem has been set read-only executing program [pid 8682] ioctl(4, LOOP_SET_FD, 3 [pid 8678] <... openat resumed>) = 4 [pid 8677] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8684] set_robust_list(0x7f300ac279a0, 24 [pid 8683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8677] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8675] ???( [pid 8683] <... openat resumed>) = 3 [pid 8683] write(3, "1000", 4) = 4 [pid 8683] close(3) = 0 [pid 8683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8683] write(1, "executing program\n", 18) = 18 [pid 8683] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8683] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8684] <... set_robust_list resumed>) = ? [pid 8678] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8675] <... ??? resumed>) = ? [pid 8678] <... futex resumed>) = 1 [pid 8677] +++ killed by SIGSEGV +++ [pid 8676] <... futex resumed>) = 0 [pid 8683] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8678] mkdir("./file2", 0777 [pid 8676] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8683] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8676] <... futex resumed>) = 0 [pid 8683] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8676] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8683] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8684] +++ killed by SIGSEGV +++ [pid 8683] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8682] <... ioctl resumed>) = 0 [pid 8675] +++ killed by SIGSEGV +++ [pid 8683] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8685]}, 88) = 8685 [pid 8683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8683] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8683] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8685 attached [pid 8682] close(3 [pid 8678] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8682] <... close resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8675, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8685] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8682] close(4 [pid 8685] <... rseq resumed>) = 0 [pid 8678] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8682] <... close resumed>) = 0 [pid 8685] set_robust_list(0x7f300ac489a0, 24 [pid 8682] mkdir("./file1", 0777 [pid 8676] <... futex resumed>) = ? [pid 8685] <... set_robust_list resumed>) = 0 [pid 8682] <... mkdir resumed>) = 0 [pid 8678] +++ killed by SIGSEGV +++ [pid 8676] +++ killed by SIGSEGV +++ [pid 5831] umount2("./249", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8685] rt_sigprocmask(SIG_SETMASK, [], [pid 8682] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8685] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8676, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8685] memfd_create("syzkaller", 0) = 3 [pid 5831] openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", [pid 8685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8685] <... mmap resumed>) = 0x7f3002800000 [pid 5830] <... restart_syscall resumed>) = 0 [pid 8685] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5831] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./246", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8685] <... write resumed>) = 131072 [pid 5831] umount2("./249/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8685] munmap(0x7f3002800000, 138412032 [ 221.102331][ T8682] loop2: detected capacity change from 0 to 256 [ 221.122385][ T8678] exFAT-fs (loop0): error, data size is invalid(9000) [ 221.132061][ T8678] exFAT-fs (loop0): Filesystem has been set read-only [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8685] <... munmap resumed>) = 0 [pid 5830] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./246/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8685] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8685] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8685] close(3 [pid 8681] <... mount resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./246/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./246/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./246/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./246/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 8685] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./246/file1" [pid 8685] close(4 [pid 5830] <... rmdir resumed>) = 0 [pid 8685] <... close resumed>) = 0 [pid 8681] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] umount2("./246/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8685] mkdir("./file1", 0777 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8681] <... openat resumed>) = 3 [pid 5830] newfstatat(AT_FDCWD, "./246/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./246/binderfs" [pid 8685] <... mkdir resumed>) = 0 [pid 8681] chdir("./file1" [pid 5831] umount2("./249/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... unlink resumed>) = 0 [pid 8681] <... chdir resumed>) = 0 [pid 5830] getdents64(3, [pid 8685] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8681] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./246") = 0 [pid 5830] mkdir("./247", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [ 221.172563][ T8681] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 221.190692][ T8685] loop3: detected capacity change from 0 to 256 [pid 5830] close(3 [pid 8681] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] newfstatat(AT_FDCWD, "./249/file1", [pid 5830] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8681] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8681] <... futex resumed>) = 1 [pid 8679] <... futex resumed>) = 0 [pid 5831] umount2("./249/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8681] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8679] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8679] <... futex resumed>) = 1 [pid 8681] <... futex resumed>) = 0 [pid 8679] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8681] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5831] openat(AT_FDCWD, "./249/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 8686 attached [pid 5831] newfstatat(4, "", [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8686 [pid 8681] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8681] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] getdents64(4, [pid 8686] set_robust_list(0x55556b85b6a0, 24 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8686] <... set_robust_list resumed>) = 0 [pid 8681] <... futex resumed>) = 1 [pid 8679] <... futex resumed>) = 0 [pid 8679] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8681] mkdir("./file2", 0777 [pid 5831] getdents64(4, [pid 8679] <... futex resumed>) = 0 [pid 8686] chdir("./247" [pid 8679] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8686] <... chdir resumed>) = 0 [pid 8686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8686] setpgid(0, 0) = 0 executing program [pid 8686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] close(4 [pid 8686] <... openat resumed>) = 3 [pid 8686] write(3, "1000", 4) = 4 [pid 8686] close(3) = 0 [pid 8686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8686] write(1, "executing program\n", 18) = 18 [pid 8686] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8686] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8686] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 221.232826][ T8682] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 221.260569][ T8681] exFAT-fs (loop4): error, data size is invalid(9000) [pid 8686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8686] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8687]}, 88) = 8687 [pid 8686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8686] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 8687 attached [pid 8686] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8687] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8687] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8687] memfd_create("syzkaller", 0) = 3 [pid 8682] <... mount resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 5831] rmdir("./249/file1") = 0 [pid 8679] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8679] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8679] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8679] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8679] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8688 attached [pid 8687] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8682] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8679] <... clone3 resumed> => {parent_tid=[8688]}, 88) = 8688 [pid 5831] umount2("./249/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8682] <... openat resumed>) = 3 [pid 8681] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8682] chdir("./file1" [pid 5831] newfstatat(AT_FDCWD, "./249/binderfs", [pid 8681] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8682] <... chdir resumed>) = 0 [pid 8682] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8682] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] unlink("./249/binderfs" [pid 8688] +++ killed by SIGSEGV +++ [pid 8685] <... mount resumed>) = 0 [pid 8682] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8681] +++ killed by SIGSEGV +++ [pid 8679] +++ killed by SIGSEGV +++ [pid 8687] <... write resumed>) = 131072 [pid 8685] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8682] <... futex resumed>) = 1 [pid 8680] <... futex resumed>) = 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8679, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5831] <... unlink resumed>) = 0 [pid 8685] <... openat resumed>) = 3 [pid 8682] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8680] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] getdents64(3, [pid 8687] munmap(0x7f3002800000, 138412032 [pid 8680] <... futex resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8687] <... munmap resumed>) = 0 [pid 8680] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] umount2("./247", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8682] <... openat resumed>) = 4 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(3 [pid 8685] chdir("./file1" [pid 5834] openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8685] <... chdir resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 8687] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8685] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] newfstatat(3, "", [pid 5831] rmdir("./249" [pid 8687] <... openat resumed>) = 4 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8685] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [ 221.285103][ T8681] exFAT-fs (loop4): Filesystem has been set read-only [ 221.296841][ T8685] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8687] ioctl(4, LOOP_SET_FD, 3 [pid 5834] umount2("./247/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8685] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8682] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... rmdir resumed>) = 0 [pid 8685] <... futex resumed>) = 1 [pid 8682] <... futex resumed>) = 1 [pid 8680] <... futex resumed>) = 0 [pid 5831] mkdir("./250", 0777 [pid 8685] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8682] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8680] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... mkdir resumed>) = 0 [pid 8682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8680] <... futex resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8682] mkdir("./file2", 0777 [pid 8680] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... openat resumed>) = 3 [pid 8687] <... ioctl resumed>) = 0 [pid 8683] <... futex resumed>) = 0 [pid 8683] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8685] <... futex resumed>) = 0 [pid 8683] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8685] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 8687] close(3 [pid 5831] close(3 [pid 8687] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8685] <... openat resumed>) = 4 [pid 8687] close(4 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8689 attached , child_tidptr=0x55556b85b690) = 8689 [pid 8689] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8689] chdir("./250") = 0 [pid 8689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8687] <... close resumed>) = 0 [pid 8689] setpgid(0, 0) = 0 [pid 8689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8687] mkdir("./file1", 0777 [pid 8689] <... openat resumed>) = 3 [pid 8687] <... mkdir resumed>) = 0 [pid 8685] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8682] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8685] <... futex resumed>) = 1 [pid 8687] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8685] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8683] <... futex resumed>) = 0 [pid 8689] write(3, "1000", 4 [pid 8683] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8689] <... write resumed>) = 4 [pid 8689] close(3 [pid 8683] <... futex resumed>) = 1 [pid 8682] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8685] <... futex resumed>) = 0 [pid 8685] mkdir("./file2", 0777 [pid 8683] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8689] <... close resumed>) = 0 [pid 8680] <... futex resumed>) = ? [pid 8689] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8689] write(1, "executing program\n", 18 [pid 8682] +++ killed by SIGSEGV +++ [pid 8680] +++ killed by SIGSEGV +++ [pid 8689] <... write resumed>) = 18 [pid 8689] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8689] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8689] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8680, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8689] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8689] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... restart_syscall resumed>) = 0 [pid 8689] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 8690 attached [pid 8689] <... clone3 resumed> => {parent_tid=[8690]}, 88) = 8690 [pid 5832] umount2("./241", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8689] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8690] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8689] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8690] <... rseq resumed>) = 0 [pid 8689] <... futex resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8690] set_robust_list(0x7f300ac489a0, 24 [pid 8689] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8690] <... set_robust_list resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 8690] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8690] memfd_create("syzkaller", 0) = 3 [pid 8690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8690] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5832] newfstatat(3, "", [pid 5834] umount2("./247/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8690] <... write resumed>) = 131072 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] newfstatat(AT_FDCWD, "./247/file1", [pid 5832] getdents64(3, [pid 8690] munmap(0x7f3002800000, 138412032 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8690] <... munmap resumed>) = 0 [ 221.330635][ T8687] loop0: detected capacity change from 0 to 256 [ 221.335581][ T8682] exFAT-fs (loop2): error, data size is invalid(9000) [ 221.359651][ T8682] exFAT-fs (loop2): Filesystem has been set read-only [ 221.372719][ T8685] exFAT-fs (loop3): error, data size is invalid(9000) [pid 5832] umount2("./241/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8690] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5834] umount2("./247/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8690] ioctl(4, LOOP_SET_FD, 3 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./247/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8683] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... openat resumed>) = 4 [pid 8683] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] newfstatat(4, "", [pid 8683] <... futex resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8690] <... ioctl resumed>) = 0 [pid 8687] <... mount resumed>) = 0 [pid 8685] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] getdents64(4, [pid 5832] <... umount2 resumed>) = 0 [pid 8690] close(3 [pid 8685] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8683] <... mmap resumed>) = 0x7f300ac07000 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] umount2("./241/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8690] <... close resumed>) = 0 [pid 8687] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] getdents64(4, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8690] close(4 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] newfstatat(AT_FDCWD, "./241/file1", [pid 8690] <... close resumed>) = 0 [pid 5834] close(4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8690] mkdir("./file1", 0777 [pid 8687] <... openat resumed>) = 3 [pid 8685] +++ killed by SIGSEGV +++ [pid 8683] +++ killed by SIGSEGV +++ [pid 5834] <... close resumed>) = 0 [pid 5832] umount2("./241/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8687] chdir("./file1" [pid 5834] rmdir("./247/file1" [pid 8687] <... chdir resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8683, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8690] <... mkdir resumed>) = 0 [pid 8687] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5834] <... rmdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./241/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] umount2("./247/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] <... openat resumed>) = 4 [pid 8687] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] newfstatat(AT_FDCWD, "./247/binderfs", [pid 5832] newfstatat(4, "", [pid 5833] <... restart_syscall resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 5833] umount2("./247", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8690] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8687] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8686] <... futex resumed>) = 0 [pid 5834] unlink("./247/binderfs" [pid 5833] openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] getdents64(4, [pid 8687] <... futex resumed>) = 1 [pid 8686] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8687] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8686] <... futex resumed>) = 0 [pid 5834] <... unlink resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8687] <... openat resumed>) = 4 [pid 8686] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] getdents64(3, [pid 5833] newfstatat(3, "", [pid 5832] close(4 [pid 8687] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8686] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8687] <... futex resumed>) = 0 [ 221.401273][ T8685] exFAT-fs (loop3): Filesystem has been set read-only [ 221.410107][ T8687] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 221.418437][ T8690] loop1: detected capacity change from 0 to 256 [pid 8686] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... close resumed>) = 0 [pid 8687] mkdir("./file2", 0777 [pid 8686] <... futex resumed>) = 0 [pid 5834] close(3 [pid 5832] rmdir("./241/file1" [pid 8686] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... close resumed>) = 0 [pid 5833] getdents64(3, [pid 5832] <... rmdir resumed>) = 0 [pid 5832] umount2("./241/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] umount2("./247/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(AT_FDCWD, "./241/binderfs", [pid 5834] rmdir("./247") = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] mkdir("./248", 0777 [pid 5832] unlink("./241/binderfs" [pid 5834] <... mkdir resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] <... umount2 resumed>) = 0 [pid 5832] getdents64(3, [pid 5834] <... openat resumed>) = 3 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5833] umount2("./247/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] <... ioctl resumed>) = 0 [pid 5832] close(3 [pid 5834] close(3 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... close resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./247/file1", [pid 5832] rmdir("./241" [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./247/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8687] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8690] <... mount resumed>) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] openat(AT_FDCWD, "./247/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... rmdir resumed>) = 0 [pid 8690] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... openat resumed>) = 4 [pid 5833] newfstatat(4, "", [pid 8690] <... openat resumed>) = 3 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8690] chdir("./file1") = 0 [pid 8690] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8687] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- ./strace-static-x86_64: Process 8691 attached [pid 8690] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8686] <... futex resumed>) = ? [pid 5833] getdents64(4, [pid 5832] mkdir("./242", 0777 [pid 8691] set_robust_list(0x55556b85b6a0, 24 [pid 8690] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8687] +++ killed by SIGSEGV +++ [pid 8686] +++ killed by SIGSEGV +++ [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8691 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] <... mkdir resumed>) = 0 [pid 5833] getdents64(4, [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8686, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8691] <... set_robust_list resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8691] chdir("./248" [pid 8690] <... futex resumed>) = 1 [pid 5832] <... openat resumed>) = 3 [pid 8690] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8691] <... chdir resumed>) = 0 [pid 5833] close(4 [pid 5832] <... ioctl resumed>) = 0 [pid 8691] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] <... close resumed>) = 0 [pid 8691] <... prctl resumed>) = 0 [pid 5832] close(3 [pid 5833] rmdir("./247/file1" [pid 8691] setpgid(0, 0 [pid 8689] <... futex resumed>) = 0 [pid 8689] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... rmdir resumed>) = 0 [pid 8690] <... futex resumed>) = 0 [pid 8689] <... futex resumed>) = 1 [pid 8690] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8689] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... restart_syscall resumed>) = 0 [pid 8691] <... setpgid resumed>) = 0 [pid 8690] <... openat resumed>) = 4 [pid 5833] umount2("./247/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8690] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8689] <... futex resumed>) = 0 [pid 8691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8689] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] umount2("./247", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./247/binderfs", [pid 5830] openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8689] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5833] unlink("./247/binderfs" [pid 5832] <... close resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 8691] <... openat resumed>) = 3 [pid 8689] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8691] write(3, "1000", 4 [pid 5833] <... unlink resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8691] <... write resumed>) = 4 [ 221.475304][ T8687] exFAT-fs (loop0): error, data size is invalid(9000) [ 221.488927][ T8690] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 221.504997][ T8687] exFAT-fs (loop0): Filesystem has been set read-only [pid 5830] getdents64(3, [pid 8690] mkdir("./file2", 0777./strace-static-x86_64: Process 8692 attached [pid 8691] close(3 [pid 5833] getdents64(3, [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8691] <... close resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8691] symlink("/dev/binderfs", "./binderfs" [pid 5830] umount2("./247/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] close(3 [pid 8692] set_robust_list(0x55556b85b6a0, 24 [pid 8691] <... symlink resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8692 [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./247/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8692] <... set_robust_list resumed>) = 0 [pid 8691] write(1, "executing program\n", 18 [pid 8690] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] rmdir("./247" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8692] chdir("./242" [pid 5830] newfstatat(AT_FDCWD, "./247/file1", executing program [pid 8692] <... chdir resumed>) = 0 [pid 8691] <... write resumed>) = 18 [pid 5833] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8692] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8691] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] mkdir("./248", 0777 [pid 5830] umount2("./247/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8692] <... prctl resumed>) = 0 [pid 8691] <... futex resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8692] setpgid(0, 0 [pid 8691] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5830] openat(AT_FDCWD, "./247/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8692] <... setpgid resumed>) = 0 [pid 8691] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] <... openat resumed>) = 4 [pid 8692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8691] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5830] newfstatat(4, "", [pid 8692] <... openat resumed>) = 3 [pid 8691] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8692] write(3, "1000", 4 [pid 8691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] <... mkdir resumed>) = 0 [pid 8692] <... write resumed>) = 4 [pid 8691] <... mmap resumed>) = 0x7f300ac28000 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] getdents64(4, [pid 8692] close(3 [pid 8691] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] <... openat resumed>) = 3 [pid 8692] <... close resumed>) = 0 [pid 8691] <... mprotect resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8692] symlink("/dev/binderfs", "./binderfs" [pid 8691] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... ioctl resumed>) = 0 [pid 5830] getdents64(4, [pid 8692] <... symlink resumed>) = 0 [pid 8691] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] close(3 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8690] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5830] close(4 [pid 8689] <... futex resumed>) = ? [pid 8691] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8690] +++ killed by SIGSEGV +++ [pid 8689] +++ killed by SIGSEGV +++ [pid 5830] <... close resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8689, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 221.543197][ T8690] exFAT-fs (loop1): error, data size is invalid(9000) [ 221.560376][ T8690] exFAT-fs (loop1): Filesystem has been set read-only [pid 5831] restart_syscall(<... resuming interrupted clone ...>executing program ./strace-static-x86_64: Process 8693 attached [pid 8692] write(1, "executing program\n", 18 [pid 5833] <... close resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5830] rmdir("./247/file1" [pid 8693] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8692] <... write resumed>) = 18 [pid 8691] <... clone3 resumed> => {parent_tid=[8693]}, 88) = 8693 [pid 8693] <... rseq resumed>) = 0 [pid 8691] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... rmdir resumed>) = 0 [pid 8693] set_robust_list(0x7f300ac489a0, 24 [pid 8692] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8691] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] umount2("./250", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8693] <... set_robust_list resumed>) = 0 [pid 8692] <... futex resumed>) = 0 [pid 8691] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./247/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8693] rt_sigprocmask(SIG_SETMASK, [], [pid 8692] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8691] <... futex resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8693] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8691] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... openat resumed>) = 3 [pid 8693] memfd_create("syzkaller", 0 [pid 5831] newfstatat(3, "", ./strace-static-x86_64: Process 8694 attached [pid 8693] <... memfd_create resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8694] set_robust_list(0x55556b85b6a0, 24 [pid 8693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] getdents64(3, [pid 8693] <... mmap resumed>) = 0x7f3002800000 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8694] <... set_robust_list resumed>) = 0 [pid 8693] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5831] umount2("./250/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8694] chdir("./248" [pid 8693] <... write resumed>) = 131072 [pid 8692] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8694 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./247/binderfs", [pid 8694] <... chdir resumed>) = 0 [pid 5831] umount2("./250/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8694] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8693] munmap(0x7f3002800000, 138412032 [pid 8692] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8694] <... prctl resumed>) = 0 [pid 8693] <... munmap resumed>) = 0 [pid 8692] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] newfstatat(AT_FDCWD, "./250/file1", [pid 5830] unlink("./247/binderfs" [pid 8694] setpgid(0, 0 [pid 8692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8694] <... setpgid resumed>) = 0 [pid 5831] umount2("./250/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... unlink resumed>) = 0 [pid 8694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8693] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8693] <... openat resumed>) = 4 [pid 5831] openat(AT_FDCWD, "./250/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8694] <... openat resumed>) = 3 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8694] write(3, "1000", 4 [pid 8693] ioctl(4, LOOP_SET_FD, 3 [pid 5831] getdents64(4, [pid 8692] <... mmap resumed>) = 0x7f300ac28000 [pid 5830] getdents64(3, [pid 8692] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8694] <... write resumed>) = 4 [pid 8692] <... mprotect resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] close(3) = 0 executing program [pid 8694] close(3 [pid 5831] getdents64(4, [pid 5830] rmdir("./247" [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8694] <... close resumed>) = 0 [pid 5831] close(4 [pid 8694] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... close resumed>) = 0 [pid 8694] <... symlink resumed>) = 0 [pid 5831] rmdir("./250/file1" [pid 5830] <... rmdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] mkdir("./248", 0777 [pid 8694] write(1, "executing program\n", 18) = 18 [pid 5831] umount2("./250/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] <... mkdir resumed>) = 0 [pid 8692] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8692] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8694] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5831] newfstatat(AT_FDCWD, "./250/binderfs", [pid 5830] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8695 attached [pid 8694] <... futex resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8695] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8694] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8695] <... rseq resumed>) = 0 [pid 8692] <... clone3 resumed> => {parent_tid=[8695]}, 88) = 8695 [pid 5830] <... ioctl resumed>) = 0 [pid 8695] set_robust_list(0x7f300ac489a0, 24 [pid 8692] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] close(3 [pid 8695] <... set_robust_list resumed>) = 0 [pid 8692] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8694] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5831] unlink("./250/binderfs" [pid 8694] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... unlink resumed>) = 0 [pid 8694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] getdents64(3, [pid 8694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8695] rt_sigprocmask(SIG_SETMASK, [], [pid 8694] <... mmap resumed>) = 0x7f300ac28000 [pid 8692] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] <... close resumed>) = 0 [pid 8695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8692] <... futex resumed>) = 0 [pid 5831] close(3 [pid 8692] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./250" [pid 8694] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5831] <... rmdir resumed>) = 0 [pid 8694] <... mprotect resumed>) = 0 [pid 8694] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8694] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5831] mkdir("./251", 0777 [pid 8693] <... ioctl resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8696 attached [pid 8693] close(3) = 0 [pid 8693] close(4) = 0 [pid 8693] mkdir("./file1", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8696] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8694] <... clone3 resumed> => {parent_tid=[8696]}, 88) = 8696 [pid 5831] <... openat resumed>) = 3 [pid 8696] <... rseq resumed>) = 0 [pid 8694] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8696] set_robust_list(0x7f300ac489a0, 24 [pid 8694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 8696] <... set_robust_list resumed>) = 0 [pid 8694] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8693] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5831] close(3 [pid 8695] memfd_create("syzkaller", 0 [pid 5831] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8695] <... memfd_create resumed>) = 3 [pid 8696] rt_sigprocmask(SIG_SETMASK, [], [pid 8694] <... futex resumed>) = 0 [pid 8696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8694] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8696] memfd_create("syzkaller", 0./strace-static-x86_64: Process 8697 attached ) = 3 [pid 8697] set_robust_list(0x55556b85b6a0, 24 [pid 8695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8697 [pid 8697] <... set_robust_list resumed>) = 0 [pid 8696] <... mmap resumed>) = 0x7f3002800000 [pid 8695] <... mmap resumed>) = 0x7f3002800000 [ 221.634452][ T8693] loop4: detected capacity change from 0 to 256 [pid 8697] chdir("./248" [pid 8696] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8695] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8697] <... chdir resumed>) = 0 [pid 8697] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8695] <... write resumed>) = 131072 [pid 8697] <... prctl resumed>) = 0 [pid 8695] munmap(0x7f3002800000, 138412032 [pid 8697] setpgid(0, 0./strace-static-x86_64: Process 8698 attached ) = 0 [pid 8696] <... write resumed>) = 131072 [pid 8695] <... munmap resumed>) = 0 [pid 8696] munmap(0x7f3002800000, 138412032) = 0 [pid 8698] set_robust_list(0x55556b85b6a0, 24 [pid 8697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8696] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8695] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8698] <... set_robust_list resumed>) = 0 [pid 8697] <... openat resumed>) = 3 [pid 8696] <... openat resumed>) = 4 [pid 8695] <... openat resumed>) = 4 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8698 [pid 8697] write(3, "1000", 4 [pid 8695] ioctl(4, LOOP_SET_FD, 3 [pid 8697] <... write resumed>) = 4 [pid 8698] chdir("./251" [pid 8696] ioctl(4, LOOP_SET_FD, 3 [pid 8698] <... chdir resumed>) = 0 [pid 8697] close(3 [pid 8695] <... ioctl resumed>) = 0 [pid 8697] <... close resumed>) = 0 [pid 8697] symlink("/dev/binderfs", "./binderfs" [pid 8698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8697] <... symlink resumed>) = 0 [pid 8698] setpgid(0, 0) = 0 [pid 8698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8698] write(3, "1000", 4) = 4 [pid 8698] close(3) = 0 [pid 8698] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8697] write(1, "executing program\n", 18) = 18 [pid 8697] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8697] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8698] write(1, "executing program\n", 18 [pid 8697] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8697] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program ) = 0x7f300ac28000 [pid 8698] <... write resumed>) = 18 [pid 8697] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8698] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8697] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8698] <... futex resumed>) = 0 [pid 8697] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8698] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8698] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 ./strace-static-x86_64: Process 8699 attached [pid 8697] <... clone3 resumed> => {parent_tid=[8699]}, 88) = 8699 [pid 8698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8697] rt_sigprocmask(SIG_SETMASK, [], [pid 8698] <... mmap resumed>) = 0x7f300ac28000 [pid 8698] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8697] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8698] <... mprotect resumed>) = 0 [pid 8693] <... mount resumed>) = 0 [pid 8697] <... futex resumed>) = 0 [pid 8697] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8699] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8698] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8693] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8698] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8699] <... rseq resumed>) = 0 [pid 8699] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8699] rt_sigprocmask(SIG_SETMASK, [], [pid 8693] <... openat resumed>) = 3 [pid 8699] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8696] <... ioctl resumed>) = 0 [pid 8695] close(3 [pid 8693] chdir("./file1") = 0 [pid 8693] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 8700 attached [pid 8699] memfd_create("syzkaller", 0 [pid 8696] close(3 [pid 8695] <... close resumed>) = 0 [pid 8693] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8696] <... close resumed>) = 0 [pid 8699] <... memfd_create resumed>) = 3 [pid 8696] close(4 [pid 8695] close(4 [pid 8699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8698] <... clone3 resumed> => {parent_tid=[8700]}, 88) = 8700 [pid 8696] <... close resumed>) = 0 [pid 8695] <... close resumed>) = 0 [pid 8699] <... mmap resumed>) = 0x7f3002800000 [pid 8695] mkdir("./file1", 0777 [pid 8696] mkdir("./file1", 0777 [pid 8699] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8698] rt_sigprocmask(SIG_SETMASK, [], [pid 8696] <... mkdir resumed>) = 0 [pid 8695] <... mkdir resumed>) = 0 [pid 8693] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8700] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8696] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8693] <... futex resumed>) = 1 [pid 8691] <... futex resumed>) = 0 [pid 8698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8700] <... rseq resumed>) = 0 [pid 8695] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8691] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8700] set_robust_list(0x7f300ac489a0, 24 [pid 8698] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8693] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8691] <... futex resumed>) = 0 [pid 8698] <... futex resumed>) = 0 [pid 8700] <... set_robust_list resumed>) = 0 [pid 8698] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8691] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8700] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8699] <... write resumed>) = 131072 [pid 8693] <... openat resumed>) = 4 [ 221.684361][ T8693] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 221.710657][ T8695] loop2: detected capacity change from 0 to 256 [ 221.711617][ T8696] loop3: detected capacity change from 0 to 256 [pid 8700] memfd_create("syzkaller", 0 [pid 8693] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8700] <... memfd_create resumed>) = 3 [pid 8700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8693] <... futex resumed>) = 1 [pid 8691] <... futex resumed>) = 0 [pid 8699] munmap(0x7f3002800000, 138412032 [pid 8693] mkdir("./file2", 0777 [pid 8691] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8691] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8699] <... munmap resumed>) = 0 [pid 8700] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8700] <... write resumed>) = 131072 [ 221.775288][ T8693] exFAT-fs (loop4): error, data size is invalid(9000) [ 221.793703][ T8696] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 221.796514][ T8699] loop0: detected capacity change from 0 to 256 [ 221.813080][ T8693] exFAT-fs (loop4): Filesystem has been set read-only [pid 8699] ioctl(4, LOOP_SET_FD, 3 [pid 8700] munmap(0x7f3002800000, 138412032) = 0 [pid 8700] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8700] ioctl(4, LOOP_SET_FD, 3 [pid 8693] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8693] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8696] <... mount resumed>) = 0 [ 221.824478][ T8700] loop1: detected capacity change from 0 to 256 [pid 8696] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8691] <... futex resumed>) = ? [pid 8696] <... openat resumed>) = 3 [pid 8696] chdir("./file1" [pid 8700] <... ioctl resumed>) = 0 [pid 8696] <... chdir resumed>) = 0 [pid 8700] close(3) = 0 [pid 8700] close(4 [pid 8696] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8700] <... close resumed>) = 0 [pid 8700] mkdir("./file1", 0777) = 0 [pid 8696] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8700] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8699] <... ioctl resumed>) = 0 [pid 8696] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8699] close(3 [pid 8696] <... futex resumed>) = 1 [pid 8694] <... futex resumed>) = 0 [pid 8696] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8694] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8699] <... close resumed>) = 0 [pid 8699] close(4) = 0 [pid 8699] mkdir("./file1", 0777) = 0 [pid 8696] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8694] <... futex resumed>) = 0 [pid 8694] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8699] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8696] <... openat resumed>) = 4 [pid 8696] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8694] <... futex resumed>) = 0 [pid 8696] mkdir("./file2", 0777 [pid 8694] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8695] <... mount resumed>) = 0 [pid 8694] <... futex resumed>) = 0 [pid 8693] +++ killed by SIGSEGV +++ [pid 8691] +++ killed by SIGSEGV +++ [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8691, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8694] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 8695] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5834] <... restart_syscall resumed>) = 0 [pid 8695] chdir("./file1") = 0 [pid 5834] umount2("./248", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5834] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8695] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5834] getdents64(3, [pid 8695] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8695] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] umount2("./248/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8695] <... futex resumed>) = 1 [pid 8692] <... futex resumed>) = 0 [pid 8692] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8692] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 221.846672][ T8695] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 221.883515][ T8696] exFAT-fs (loop3): error, data size is invalid(9000) [pid 8695] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5834] <... umount2 resumed>) = 0 [pid 5834] umount2("./248/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./248/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./248/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./248/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5834] newfstatat(4, "", [pid 8696] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8695] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8692] <... futex resumed>) = 0 [pid 8692] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8692] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] getdents64(4, [pid 8695] mkdir("./file2", 0777 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8696] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] getdents64(4, [pid 8694] <... futex resumed>) = ? [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4) = 0 [pid 5834] rmdir("./248/file1") = 0 [pid 5834] umount2("./248/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8696] +++ killed by SIGSEGV +++ [pid 8694] +++ killed by SIGSEGV +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8694, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5834] newfstatat(AT_FDCWD, "./248/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./248/binderfs") = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] close(3 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5833] umount2("./248", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... close resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 221.918659][ T8696] exFAT-fs (loop3): Filesystem has been set read-only [ 221.930124][ T8695] exFAT-fs (loop2): error, data size is invalid(9000) [ 221.955179][ T8700] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5833] newfstatat(3, "", [pid 5834] rmdir("./248" [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] mkdir("./249", 0777 [pid 5833] umount2("./248/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8695] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8692] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... mkdir resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8692] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8692] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8692] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5834] <... openat resumed>) = 3 [pid 5834] ioctl(3, LOOP_CLR_FD) = 0 [pid 5834] close(3) = 0 ./strace-static-x86_64: Process 8701 attached [pid 8692] <... clone3 resumed> => {parent_tid=[8701]}, 88) = 8701 [pid 8701] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053) = 0 [pid 8692] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8701] set_robust_list(0x7f300ac279a0, 24 [pid 5833] <... umount2 resumed>) = 0 [pid 8701] <... set_robust_list resumed>) = 0 [pid 5833] umount2("./248/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8701] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8701] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] newfstatat(AT_FDCWD, "./248/file1", [pid 8701] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8692] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8702 attached [pid 8700] <... mount resumed>) = 0 [pid 8692] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8702 [pid 5833] umount2("./248/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8701] <... futex resumed>) = 0 [pid 8692] <... futex resumed>) = 1 [pid 8702] set_robust_list(0x55556b85b6a0, 24 [pid 8701] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./248/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8702] <... set_robust_list resumed>) = 0 [pid 8695] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8692] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... openat resumed>) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] close(4 [pid 8700] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... close resumed>) = 0 [pid 8702] chdir("./249" [pid 5833] rmdir("./248/file1" [pid 8700] <... openat resumed>) = 3 [pid 5833] <... rmdir resumed>) = 0 [pid 8700] chdir("./file1" [pid 5833] umount2("./248/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8700] <... chdir resumed>) = 0 [pid 8702] <... chdir resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8701] <... ioctl resumed>) = ? [pid 8700] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8692] <... futex resumed>) = ? [pid 5833] newfstatat(AT_FDCWD, "./248/binderfs", [pid 8702] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8701] +++ killed by SIGSEGV +++ [pid 8700] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8702] <... prctl resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8702] setpgid(0, 0 [ 221.980311][ T8695] exFAT-fs (loop2): Filesystem has been set read-only [pid 5833] unlink("./248/binderfs" [pid 8702] <... setpgid resumed>) = 0 [pid 8700] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... unlink resumed>) = 0 [pid 8702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8695] +++ killed by SIGSEGV +++ [pid 8692] +++ killed by SIGSEGV +++ [pid 8702] <... openat resumed>) = 3 [pid 8700] <... futex resumed>) = 1 [pid 8698] <... futex resumed>) = 0 [pid 8702] write(3, "1000", 4 [pid 8700] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8692, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8702] <... write resumed>) = 4 [pid 8698] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(3, [pid 8702] close(3 [pid 8698] <... futex resumed>) = 1 [pid 8702] <... close resumed>) = 0 [pid 8700] <... futex resumed>) = 0 [pid 8698] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8702] symlink("/dev/binderfs", "./binderfs" [pid 8700] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5833] close(3 [pid 5832] <... restart_syscall resumed>) = 0 [pid 8702] <... symlink resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 8702] write(1, "executing program\n", 18executing program ) = 18 [pid 5833] rmdir("./248" [pid 8702] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... rmdir resumed>) = 0 [pid 5832] umount2("./242", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8702] <... futex resumed>) = 0 [pid 8702] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8700] <... openat resumed>) = 4 [pid 5833] mkdir("./249", 0777 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8702] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8702] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8700] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./242/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8700] <... futex resumed>) = 1 [pid 8702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8700] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8698] <... futex resumed>) = 0 [ 222.028345][ T8699] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8702] <... mmap resumed>) = 0x7f300ac28000 [pid 8698] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 8702] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8700] <... futex resumed>) = 0 [pid 8698] <... futex resumed>) = 1 [pid 8702] <... mprotect resumed>) = 0 [pid 8700] mkdir("./file2", 0777 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] umount2("./242/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8698] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5832] newfstatat(AT_FDCWD, "./242/file1", [pid 5833] <... ioctl resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] close(3 [pid 5832] umount2("./242/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./242/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] rmdir("./242/file1") = 0 [pid 5832] umount2("./242/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./242/binderfs", [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8703 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8699] <... mount resumed>) = 0 [pid 5832] unlink("./242/binderfs") = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./242") = 0 [pid 8699] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 8703 attached [pid 8702] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] mkdir("./243", 0777 [pid 8703] set_robust_list(0x55556b85b6a0, 24 [pid 8702] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8703] <... set_robust_list resumed>) = 0 [pid 8703] chdir("./249"./strace-static-x86_64: Process 8704 attached [pid 8702] <... clone3 resumed> => {parent_tid=[8704]}, 88) = 8704 [pid 8703] <... chdir resumed>) = 0 [pid 8702] rt_sigprocmask(SIG_SETMASK, [], [pid 8703] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8704] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8703] <... prctl resumed>) = 0 [pid 8702] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8704] <... rseq resumed>) = 0 [pid 8703] setpgid(0, 0 [pid 8702] <... futex resumed>) = 0 [pid 8704] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8702] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... mkdir resumed>) = 0 [pid 8699] <... openat resumed>) = 3 [pid 8699] chdir("./file1") = 0 [pid 8704] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8699] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8697] <... futex resumed>) = 0 [pid 8699] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8697] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8697] <... futex resumed>) = 0 [pid 8704] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8699] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8697] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... openat resumed>) = 3 [pid 8704] memfd_create("syzkaller", 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8700] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8704] <... memfd_create resumed>) = 3 [pid 8703] <... setpgid resumed>) = 0 [pid 8699] <... openat resumed>) = 4 [pid 5832] <... ioctl resumed>) = 0 [pid 8704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8699] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] close(3 [pid 8699] <... futex resumed>) = 1 [pid 8697] <... futex resumed>) = 0 [pid 8697] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8700] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8697] <... futex resumed>) = 0 [pid 8704] <... mmap resumed>) = 0x7f3002800000 [pid 8703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8699] mkdir("./file2", 0777 [pid 8698] <... futex resumed>) = ? [pid 5832] <... close resumed>) = 0 [ 222.081155][ T8700] exFAT-fs (loop1): error, data size is invalid(9000) [ 222.106936][ T8700] exFAT-fs (loop1): Filesystem has been set read-only [pid 8697] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8704] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8703] <... openat resumed>) = 3 [pid 8703] write(3, "1000", 4 [pid 8700] +++ killed by SIGSEGV +++ [pid 8698] +++ killed by SIGSEGV +++ [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8705 attached [pid 8704] <... write resumed>) = 131072 [pid 8703] <... write resumed>) = 4 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8698, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8703] close(3 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8705 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8705] set_robust_list(0x55556b85b6a0, 24 [pid 8703] <... close resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./251", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8703] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8705] <... set_robust_list resumed>) = 0 [pid 8704] munmap(0x7f3002800000, 138412032 [pid 8703] <... symlink resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 8705] chdir("./243" [pid 8704] <... munmap resumed>) = 0 [pid 8703] write(1, "executing program\n", 18 [pid 5831] <... openat resumed>) = 3 [pid 8705] <... chdir resumed>) = 0 [pid 8704] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8703] <... write resumed>) = 18 [pid 5831] newfstatat(3, "", [pid 8705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8704] <... openat resumed>) = 4 [pid 8703] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8705] setpgid(0, 0 [pid 8703] <... futex resumed>) = 0 [pid 8705] <... setpgid resumed>) = 0 [pid 8704] ioctl(4, LOOP_SET_FD, 3 [pid 5831] getdents64(3, [pid 8705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8703] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./251/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8705] <... openat resumed>) = 3 [pid 8705] write(3, "1000", 4 [pid 8703] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./251/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./251/file1", [pid 8705] <... write resumed>) = 4 [pid 8703] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8699] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8705] close(3 [pid 8703] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8699] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8705] <... close resumed>) = 0 [pid 8703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] umount2("./251/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8703] <... mmap resumed>) = 0x7f300ac28000 [ 222.142686][ T8699] exFAT-fs (loop0): error, data size is invalid(9000) [ 222.166317][ T8699] exFAT-fs (loop0): Filesystem has been set read-only [ 222.186764][ T8704] loop4: detected capacity change from 0 to 256 [pid 8697] <... futex resumed>) = ? [pid 8705] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./251/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./251/file1") = 0 [pid 5831] umount2("./251/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./251/binderfs", [pid 8705] <... symlink resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./251/binderfs"executing program [pid 8699] +++ killed by SIGSEGV +++ [pid 8705] write(1, "executing program\n", 18 [pid 8697] +++ killed by SIGSEGV +++ [pid 8703] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5831] <... unlink resumed>) = 0 [pid 8705] <... write resumed>) = 18 [pid 8703] <... mprotect resumed>) = 0 [pid 5831] getdents64(3, [pid 8704] <... ioctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8697, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8705] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8704] close(3 [pid 8703] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] close(3 [pid 8704] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8704] close(4 [pid 5831] rmdir("./251" [pid 8705] <... futex resumed>) = 0 [pid 8704] <... close resumed>) = 0 [pid 8703] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 8705] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8704] mkdir("./file1", 0777 [pid 8703] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5831] mkdir("./252", 0777 [pid 8705] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8704] <... mkdir resumed>) = 0 [pid 8705] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8704] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8703] <... clone3 resumed> => {parent_tid=[8706]}, 88) = 8706 [pid 5831] <... mkdir resumed>) = 0 [pid 8705] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8703] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8706 attached [pid 8705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8703] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] umount2("./248", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8705] <... mmap resumed>) = 0x7f300ac28000 [pid 8703] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8705] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8703] <... futex resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8705] <... mprotect resumed>) = 0 [pid 8703] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5831] close(3 [pid 5830] newfstatat(3, "", [pid 8706] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8705] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8706] <... rseq resumed>) = 0 [pid 8705] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] getdents64(3, [pid 8706] set_robust_list(0x7f300ac489a0, 24 [pid 8705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8706] <... set_robust_list resumed>) = 0 [pid 5830] umount2("./248/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8706] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 8708 attached ./strace-static-x86_64: Process 8707 attached [pid 8706] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] umount2("./248/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8708] set_robust_list(0x55556b85b6a0, 24 [pid 8707] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8706] memfd_create("syzkaller", 0 [pid 8705] <... clone3 resumed> => {parent_tid=[8707]}, 88) = 8707 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8708] <... set_robust_list resumed>) = 0 [pid 8706] <... memfd_create resumed>) = 3 [pid 8705] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] newfstatat(AT_FDCWD, "./248/file1", [pid 8708] chdir("./252" [pid 8707] <... rseq resumed>) = 0 [pid 8706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8705] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8708] <... chdir resumed>) = 0 [pid 8707] set_robust_list(0x7f300ac489a0, 24 [pid 8706] <... mmap resumed>) = 0x7f3002800000 [pid 8705] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8708 [pid 5830] umount2("./248/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8708] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8707] <... set_robust_list resumed>) = 0 [pid 8706] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8705] <... futex resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8707] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] openat(AT_FDCWD, "./248/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... openat resumed>) = 4 [pid 8707] memfd_create("syzkaller", 0 [pid 5830] newfstatat(4, "", [pid 8708] <... prctl resumed>) = 0 [pid 8707] <... memfd_create resumed>) = 3 [pid 8705] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8708] setpgid(0, 0 [pid 8707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 5830] getdents64(4, [pid 8708] <... setpgid resumed>) = 0 [pid 8707] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8706] <... write resumed>) = 131072 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./248/file1") = 0 [pid 8708] <... openat resumed>) = 3 [pid 8707] <... write resumed>) = 131072 [pid 8706] munmap(0x7f3002800000, 138412032 [pid 5830] umount2("./248/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./248/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./248/binderfs") = 0 [pid 5830] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 8707] munmap(0x7f3002800000, 138412032 [pid 5830] <... close resumed>) = 0 [pid 8708] write(3, "1000", 4 [pid 8707] <... munmap resumed>) = 0 [pid 8704] <... mount resumed>) = 0 [pid 5830] rmdir("./248" [pid 8708] <... write resumed>) = 4 [pid 8707] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8704] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... rmdir resumed>) = 0 [pid 8708] close(3) = 0 [pid 8707] <... openat resumed>) = 4 [pid 8704] <... openat resumed>) = 3 [pid 5830] mkdir("./249", 0777 [pid 8708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8704] chdir("./file1" [pid 5830] <... mkdir resumed>) = 0 executing program [pid 8708] write(1, "executing program\n", 18) = 18 [pid 8707] ioctl(4, LOOP_SET_FD, 3 [pid 8704] <... chdir resumed>) = 0 [pid 8708] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8707] <... ioctl resumed>) = 0 [pid 8706] <... munmap resumed>) = 0 [pid 8704] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8708] <... futex resumed>) = 0 [pid 8704] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8708] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8704] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8708] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8704] <... futex resumed>) = 1 [pid 8702] <... futex resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 8708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8704] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8702] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8704] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8702] <... futex resumed>) = 0 [pid 8708] <... mmap resumed>) = 0x7f300ac28000 [pid 8706] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8704] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8702] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] close(3 [pid 8708] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8706] <... openat resumed>) = 4 [pid 5830] <... close resumed>) = 0 [pid 8708] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8706] ioctl(4, LOOP_SET_FD, 3 [pid 8708] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8709 attached [pid 8708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8707] close(3 [pid 8704] <... openat resumed>) = 4 [ 222.273764][ T8704] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 222.300897][ T8707] loop2: detected capacity change from 0 to 256 [ 222.316872][ T8706] loop3: detected capacity change from 0 to 256 [pid 8704] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8710 attached [pid 8709] set_robust_list(0x55556b85b6a0, 24 [pid 8708] <... clone3 resumed> => {parent_tid=[8710]}, 88) = 8710 [pid 8707] <... close resumed>) = 0 [pid 8704] <... futex resumed>) = 1 [pid 8702] <... futex resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8709 [pid 8710] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8709] <... set_robust_list resumed>) = 0 [pid 8708] rt_sigprocmask(SIG_SETMASK, [], [pid 8707] close(4 [pid 8704] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8702] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8710] <... rseq resumed>) = 0 [pid 8708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8707] <... close resumed>) = 0 [pid 8704] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8702] <... futex resumed>) = 0 [pid 8710] set_robust_list(0x7f300ac489a0, 24 [pid 8709] chdir("./249" [pid 8707] mkdir("./file1", 0777 [pid 8704] mkdir("./file2", 0777 [pid 8702] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8710] <... set_robust_list resumed>) = 0 [pid 8709] <... chdir resumed>) = 0 [pid 8708] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8707] <... mkdir resumed>) = 0 [pid 8709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8709] setpgid(0, 0) = 0 [pid 8709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8707] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8709] write(3, "1000", 4) = 4 [pid 8709] close(3) = 0 [pid 8709] symlink("/dev/binderfs", "./binderfs" [pid 8710] rt_sigprocmask(SIG_SETMASK, [], [pid 8708] <... futex resumed>) = 0 executing program [pid 8709] <... symlink resumed>) = 0 [pid 8710] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8708] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8706] <... ioctl resumed>) = 0 [pid 8709] write(1, "executing program\n", 18) = 18 [pid 8709] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8709] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8706] close(3 [pid 8709] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8706] <... close resumed>) = 0 [pid 8709] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8706] close(4 [pid 8709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8706] <... close resumed>) = 0 [pid 8709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8706] mkdir("./file1", 0777 [pid 8710] memfd_create("syzkaller", 0 [pid 8709] <... mmap resumed>) = 0x7f300ac28000 [pid 8706] <... mkdir resumed>) = 0 [pid 8710] <... memfd_create resumed>) = 3 [pid 8709] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8704] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8709] <... mprotect resumed>) = 0 [pid 8706] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8702] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8702] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8710] <... mmap resumed>) = 0x7f3002800000 [pid 8702] <... futex resumed>) = 0 [ 222.333074][ T8704] exFAT-fs (loop4): error, data size is invalid(9000) [ 222.350718][ T8704] exFAT-fs (loop4): Filesystem has been set read-only [ 222.364741][ T8707] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8704] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8710] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8709] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8702] ???() = ? [pid 8710] <... write resumed>) = 131072 [pid 8709] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8704] +++ killed by SIGSEGV +++ [pid 8702] +++ killed by SIGSEGV +++ [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8702, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5834] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5834] umount2("./249", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8709] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 ./strace-static-x86_64: Process 8711 attached [pid 8709] <... clone3 resumed> => {parent_tid=[8711]}, 88) = 8711 [pid 8707] <... mount resumed>) = 0 [pid 5834] newfstatat(3, "", [pid 8709] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8707] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] getdents64(3, [pid 8709] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8709] <... futex resumed>) = 0 [pid 8707] <... openat resumed>) = 3 [pid 5834] umount2("./249/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8709] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8707] chdir("./file1" [pid 8711] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8710] munmap(0x7f3002800000, 138412032 [pid 8707] <... chdir resumed>) = 0 [pid 8706] <... mount resumed>) = 0 [pid 8707] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8706] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8711] <... rseq resumed>) = 0 [pid 8710] <... munmap resumed>) = 0 [pid 8707] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8706] <... openat resumed>) = 3 [pid 8707] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8706] chdir("./file1" [pid 8707] <... futex resumed>) = 1 [pid 8711] set_robust_list(0x7f300ac489a0, 24 [pid 8710] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8707] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8706] <... chdir resumed>) = 0 [pid 8705] <... futex resumed>) = 0 [pid 8706] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8710] <... openat resumed>) = 4 [pid 8706] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8705] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8707] <... futex resumed>) = 0 [pid 8706] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8705] <... futex resumed>) = 1 [pid 8711] <... set_robust_list resumed>) = 0 [pid 8707] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 222.404838][ T8706] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8705] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8711] rt_sigprocmask(SIG_SETMASK, [], [pid 8710] ioctl(4, LOOP_SET_FD, 3 [pid 8707] <... openat resumed>) = 4 [pid 8706] <... futex resumed>) = 1 [pid 8703] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = 0 [pid 8711] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8707] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8706] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8703] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] umount2("./249/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8706] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8706] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8711] memfd_create("syzkaller", 0 [pid 8707] <... futex resumed>) = 1 [pid 8705] <... futex resumed>) = 0 [pid 8703] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8711] <... memfd_create resumed>) = 3 [pid 8707] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8705] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8711] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8703] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] newfstatat(AT_FDCWD, "./249/file1", [pid 8711] <... mmap resumed>) = 0x7f3002800000 [pid 8707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8705] <... futex resumed>) = 0 [pid 8711] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8707] mkdir("./file2", 0777 [pid 8706] <... openat resumed>) = 4 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8711] <... write resumed>) = 131072 [pid 8705] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8706] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8711] munmap(0x7f3002800000, 138412032) = 0 [pid 8706] <... futex resumed>) = 1 [pid 8703] <... futex resumed>) = 0 [pid 5834] umount2("./249/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8706] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8703] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8706] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8703] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8706] mkdir("./file2", 0777 [pid 8711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8711] ioctl(4, LOOP_SET_FD, 3 [pid 8710] <... ioctl resumed>) = 0 [ 222.454819][ T8710] loop1: detected capacity change from 0 to 256 [ 222.466870][ T8707] exFAT-fs (loop2): error, data size is invalid(9000) [ 222.482676][ T8711] loop0: detected capacity change from 0 to 256 [ 222.489553][ T8706] exFAT-fs (loop3): error, data size is invalid(9000) [ 222.490464][ T8707] exFAT-fs (loop2): Filesystem has been set read-only [pid 5834] openat(AT_FDCWD, "./249/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8710] close(3 [pid 8703] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... openat resumed>) = 4 [pid 8710] <... close resumed>) = 0 [pid 8710] close(4) = 0 [pid 8710] mkdir("./file1", 0777 [pid 8711] <... ioctl resumed>) = 0 [pid 8710] <... mkdir resumed>) = 0 [pid 8711] close(3 [pid 8710] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8711] <... close resumed>) = 0 [pid 8711] close(4 [pid 5834] newfstatat(4, "", [pid 8711] <... close resumed>) = 0 [pid 8711] mkdir("./file1", 0777) = 0 [pid 8711] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] getdents64(4, [pid 8705] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4 [pid 8706] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] <... close resumed>) = 0 [pid 8706] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8705] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] rmdir("./249/file1" [pid 8705] <... futex resumed>) = 0 [pid 8705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 5834] <... rmdir resumed>) = 0 [pid 8705] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8703] <... futex resumed>) = ? [pid 8706] +++ killed by SIGSEGV +++ [pid 8705] <... mprotect resumed>) = 0 [pid 5834] umount2("./249/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8705] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] newfstatat(AT_FDCWD, "./249/binderfs", [pid 8705] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8705] <... clone3 resumed> => {parent_tid=[8712]}, 88) = 8712 [pid 8707] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8705] rt_sigprocmask(SIG_SETMASK, [], [pid 8707] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8705] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] unlink("./249/binderfs"./strace-static-x86_64: Process 8712 attached ) = 0 [pid 5834] getdents64(3, [pid 8712] +++ killed by SIGSEGV +++ [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] close(3) = 0 [pid 5834] rmdir("./249" [pid 8707] +++ killed by SIGSEGV +++ [pid 8705] +++ killed by SIGSEGV +++ [pid 5834] <... rmdir resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8705, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5834] mkdir("./250", 0777 [pid 5832] umount2("./243", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5834] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... ioctl resumed>) = 0 [pid 5834] close(3 [pid 5832] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./243/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8710] <... mount resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 8710] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8710] chdir("./file1") = 0 [pid 8710] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8710] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8708] <... futex resumed>) = 0 [pid 8708] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8708] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8710] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8710] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8708] <... futex resumed>) = 0 [pid 8708] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 222.503236][ T8706] exFAT-fs (loop3): Filesystem has been set read-only [ 222.523162][ T8710] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 222.541161][ T8711] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8708] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8710] mkdir("./file2", 0777 [pid 8711] <... mount resumed>) = 0 [pid 8711] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8703] +++ killed by SIGSEGV +++ [pid 5832] <... umount2 resumed>) = 0 [pid 8711] <... openat resumed>) = 3 [pid 5832] umount2("./243/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8711] chdir("./file1" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8711] <... chdir resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./243/file1", [pid 8711] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8711] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8703, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5832] umount2("./243/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... restart_syscall resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./243/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8713 attached ) = 4 [pid 8711] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] newfstatat(4, "", [pid 8713] set_robust_list(0x55556b85b6a0, 24 [pid 8711] <... futex resumed>) = 1 [pid 8709] <... futex resumed>) = 0 [pid 5833] umount2("./249", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8709] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(4, [pid 8709] <... futex resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8709] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... openat resumed>) = 3 [pid 5832] getdents64(4, [pid 5833] newfstatat(3, "", [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] close(4 [pid 5833] getdents64(3, [pid 5832] <... close resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] rmdir("./243/file1" [pid 8711] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5833] umount2("./249/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8713] <... set_robust_list resumed>) = 0 [pid 8711] <... openat resumed>) = 4 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8713 [pid 5832] <... rmdir resumed>) = 0 [pid 8711] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./243/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8711] <... futex resumed>) = 1 [pid 8709] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8709] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 222.583292][ T8710] exFAT-fs (loop1): error, data size is invalid(9000) [pid 5832] newfstatat(AT_FDCWD, "./243/binderfs", [pid 8713] chdir("./250" [pid 8709] <... futex resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8711] mkdir("./file2", 0777 [pid 8709] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] unlink("./243/binderfs" [pid 8713] <... chdir resumed>) = 0 [pid 8708] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... umount2 resumed>) = 0 [pid 8713] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8708] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... unlink resumed>) = 0 [pid 8713] <... prctl resumed>) = 0 [pid 8713] setpgid(0, 0 [pid 8708] <... futex resumed>) = 0 [pid 5833] umount2("./249/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(3, [pid 8713] <... setpgid resumed>) = 0 [pid 8708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8708] <... mmap resumed>) = 0x7f300ac07000 [pid 5833] newfstatat(AT_FDCWD, "./249/file1", [pid 5832] close(3 [pid 8708] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... close resumed>) = 0 [pid 8708] <... mprotect resumed>) = 0 [pid 5833] umount2("./249/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] rmdir("./243" [pid 8713] <... openat resumed>) = 3 [pid 8708] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... rmdir resumed>) = 0 [pid 8713] write(3, "1000", 4 [pid 8708] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] openat(AT_FDCWD, "./249/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] mkdir("./244", 0777 [pid 8708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5833] <... openat resumed>) = 4 [pid 5832] <... mkdir resumed>) = 0 [pid 8713] <... write resumed>) = 4 [pid 5833] newfstatat(4, "", [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8708] <... clone3 resumed> => {parent_tid=[8714]}, 88) = 8714 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... openat resumed>) = 3 [pid 8708] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] getdents64(4, [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] <... ioctl resumed>) = 0 [pid 8708] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(4, [pid 5832] close(3./strace-static-x86_64: Process 8714 attached [pid 8713] close(3 [pid 8708] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8708] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] close(4 [pid 8713] <... close resumed>) = 0 [pid 8714] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8713] symlink("/dev/binderfs", "./binderfs" [pid 5833] <... close resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 8714] <... rseq resumed>) = 0 [pid 8713] <... symlink resumed>) = 0 [pid 8711] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] rmdir("./249/file1") = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8710] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] umount2("./249/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8710] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8715 [pid 5833] newfstatat(AT_FDCWD, "./249/binderfs", ./strace-static-x86_64: Process 8715 attached {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./249/binderfs") = 0 [pid 5833] getdents64(3, [pid 8715] set_robust_list(0x55556b85b6a0, 24 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8715] <... set_robust_list resumed>) = 0 [pid 5833] close(3 [pid 8715] chdir("./244" [pid 5833] <... close resumed>) = 0 [pid 8715] <... chdir resumed>) = 0 [pid 5833] rmdir("./249" [pid 8715] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] <... rmdir resumed>) = 0 executing program [pid 8715] <... prctl resumed>) = 0 [pid 5833] mkdir("./250", 0777 [pid 8713] write(1, "executing program\n", 18 [pid 8715] setpgid(0, 0 [pid 8713] <... write resumed>) = 18 [pid 8708] <... futex resumed>) = ? [pid 5833] <... mkdir resumed>) = 0 [pid 8714] +++ killed by SIGSEGV +++ [pid 8713] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8710] +++ killed by SIGSEGV +++ [pid 8708] +++ killed by SIGSEGV +++ [pid 8715] <... setpgid resumed>) = 0 [pid 8713] <... futex resumed>) = 0 [pid 8715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8713] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8715] <... openat resumed>) = 3 [pid 8713] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8709] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... openat resumed>) = 3 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8708, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 8713] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8709] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8715] write(3, "1000", 4 [pid 8713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8709] <... futex resumed>) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 5831] umount2("./252", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8715] <... write resumed>) = 4 [pid 8713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] close(3 [pid 8715] close(3 [pid 8713] <... mmap resumed>) = 0x7f300ac28000 [pid 8709] <... mmap resumed>) = 0x7f300ac07000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8715] <... close resumed>) = 0 [pid 8715] symlink("/dev/binderfs", "./binderfs" [pid 8713] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8709] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5831] openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8715] <... symlink resumed>) = 0 [pid 8713] <... mprotect resumed>) = 0 [pid 8709] <... mprotect resumed>) = 0 [pid 8711] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8709] rt_sigprocmask(SIG_BLOCK, ~[], executing program [pid 5831] <... openat resumed>) = 3 [pid 8715] write(1, "executing program\n", 18 [pid 8713] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8709] <... rt_sigprocmask resumed>[], 8) = 14 [pid 8715] <... write resumed>) = 18 [pid 8713] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] <... close resumed>) = 0 [pid 5831] newfstatat(3, "", [ 222.625720][ T8711] exFAT-fs (loop0): error, data size is invalid(9000) [ 222.637185][ T8710] exFAT-fs (loop1): Filesystem has been set read-only [ 222.660769][ T8711] exFAT-fs (loop0): Filesystem has been set read-only [pid 8715] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8715] <... futex resumed>) = 0 [pid 8711] +++ killed by SIGSEGV +++ [pid 8709] +++ killed by SIGSEGV +++ [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8716 attached [pid 8715] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8716] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8715] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8713] <... clone3 resumed> => {parent_tid=[8716]}, 88) = 8716 [pid 5831] getdents64(3, [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8709, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- ./strace-static-x86_64: Process 8717 attached [pid 8716] <... rseq resumed>) = 0 [pid 8715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8713] rt_sigprocmask(SIG_SETMASK, [], [pid 8716] set_robust_list(0x7f300ac489a0, 24 [pid 8715] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8716] <... set_robust_list resumed>) = 0 [pid 8715] <... mmap resumed>) = 0x7f300ac28000 [pid 8713] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... restart_syscall resumed>) = 0 [pid 8717] set_robust_list(0x55556b85b6a0, 24 [pid 8716] rt_sigprocmask(SIG_SETMASK, [], [pid 8715] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8713] <... futex resumed>) = 0 [pid 8717] <... set_robust_list resumed>) = 0 [pid 8716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8715] <... mprotect resumed>) = 0 [pid 8713] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8717 [pid 5831] umount2("./252/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8717] chdir("./250" [pid 8716] memfd_create("syzkaller", 0 [pid 8715] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8717] <... chdir resumed>) = 0 [pid 8716] <... memfd_create resumed>) = 3 [pid 8715] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] umount2("./249", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8717] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8716] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8715] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8718 attached [pid 8717] <... prctl resumed>) = 0 [pid 8716] <... mmap resumed>) = 0x7f3002800000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8718] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8717] setpgid(0, 0 [pid 8715] <... clone3 resumed> => {parent_tid=[8718]}, 88) = 8718 [pid 5830] openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8718] <... rseq resumed>) = 0 [pid 8715] rt_sigprocmask(SIG_SETMASK, [], [pid 8718] set_robust_list(0x7f300ac489a0, 24 [pid 8717] <... setpgid resumed>) = 0 [pid 8715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8718] <... set_robust_list resumed>) = 0 [pid 8717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8716] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8715] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 8718] rt_sigprocmask(SIG_SETMASK, [], [pid 8715] <... futex resumed>) = 0 [pid 8718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8717] <... openat resumed>) = 3 [pid 8715] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8718] memfd_create("syzkaller", 0 [pid 8717] write(3, "1000", 4 [pid 8718] <... memfd_create resumed>) = 3 [pid 5830] getdents64(3, [pid 8718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8717] <... write resumed>) = 4 [pid 8718] <... mmap resumed>) = 0x7f3002800000 [pid 8717] close(3 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8717] <... close resumed>) = 0 [pid 8718] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8717] symlink("/dev/binderfs", "./binderfs" [pid 5830] umount2("./249/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8717] <... symlink resumed>) = 0 executing program [pid 8717] write(1, "executing program\n", 18 [pid 8716] <... write resumed>) = 131072 [pid 8717] <... write resumed>) = 18 [pid 8717] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8717] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8718] <... write resumed>) = 131072 [pid 8717] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8716] munmap(0x7f3002800000, 138412032 [pid 5831] umount2("./252/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8717] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8716] <... munmap resumed>) = 0 [pid 8717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8717] <... mmap resumed>) = 0x7f300ac28000 [pid 8717] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8716] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] newfstatat(AT_FDCWD, "./252/file1", [pid 5830] <... umount2 resumed>) = 0 [pid 8718] munmap(0x7f3002800000, 138412032 [pid 8717] <... mprotect resumed>) = 0 [pid 8716] <... openat resumed>) = 4 [pid 8718] <... munmap resumed>) = 0 [pid 8717] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./249/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./252/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8717] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8718] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8716] ioctl(4, LOOP_SET_FD, 3 [pid 5831] openat(AT_FDCWD, "./252/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] newfstatat(AT_FDCWD, "./249/file1", ./strace-static-x86_64: Process 8719 attached [pid 8718] <... openat resumed>) = 4 [pid 5831] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8719] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8718] ioctl(4, LOOP_SET_FD, 3 [pid 8717] <... clone3 resumed> => {parent_tid=[8719]}, 88) = 8719 [pid 8719] <... rseq resumed>) = 0 [pid 8717] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] newfstatat(4, "", [pid 5830] umount2("./249/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] openat(AT_FDCWD, "./249/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] getdents64(4, [pid 5830] <... openat resumed>) = 4 [pid 8717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] newfstatat(4, "", [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8719] set_robust_list(0x7f300ac489a0, 24 [pid 5831] getdents64(4, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8717] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] getdents64(4, [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8719] <... set_robust_list resumed>) = 0 [pid 5831] close(4 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8717] <... futex resumed>) = 0 [pid 5830] getdents64(4, [pid 5831] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8719] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] rmdir("./252/file1" [pid 5830] close(4 [pid 8719] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8717] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] <... close resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] rmdir("./249/file1" [pid 8719] memfd_create("syzkaller", 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] umount2("./249/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./252/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8719] <... memfd_create resumed>) = 3 [pid 8719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8719] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5831] newfstatat(AT_FDCWD, "./252/binderfs", [pid 5830] newfstatat(AT_FDCWD, "./249/binderfs", [pid 8719] <... write resumed>) = 131072 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./249/binderfs" [pid 5831] unlink("./252/binderfs" [pid 5830] <... unlink resumed>) = 0 [pid 8719] munmap(0x7f3002800000, 138412032 [pid 5831] <... unlink resumed>) = 0 [pid 5830] getdents64(3, [pid 8719] <... munmap resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 8719] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] close(3 [pid 5830] <... close resumed>) = 0 [pid 8719] <... openat resumed>) = 4 [pid 8718] <... ioctl resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] rmdir("./249" [pid 8719] ioctl(4, LOOP_SET_FD, 3 [pid 5831] rmdir("./252" [pid 8718] close(3 [pid 5830] <... rmdir resumed>) = 0 [pid 8718] <... close resumed>) = 0 [pid 8718] close(4 [pid 5831] <... rmdir resumed>) = 0 [pid 8718] <... close resumed>) = 0 [pid 5830] mkdir("./250", 0777 [pid 5831] mkdir("./253", 0777 [pid 8718] mkdir("./file1", 0777) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8716] <... ioctl resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... ioctl resumed>) = 0 [pid 8716] close(3 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 8716] <... close resumed>) = 0 [pid 5831] close(3 [pid 5830] <... close resumed>) = 0 [pid 8718] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8716] close(4 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8716] <... close resumed>) = 0 [ 222.748450][ T8716] loop4: detected capacity change from 0 to 256 [ 222.753488][ T8718] loop2: detected capacity change from 0 to 256 ./strace-static-x86_64: Process 8720 attached [pid 8716] mkdir("./file1", 0777) = 0 [pid 8720] set_robust_list(0x55556b85b6a0, 24 [pid 8716] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8720] <... set_robust_list resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8720] chdir("./250" [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8720 [pid 8719] <... ioctl resumed>) = 0 [pid 8719] close(3) = 0 [pid 8719] close(4) = 0 [pid 8719] mkdir("./file1", 0777) = 0 [ 222.795260][ T8719] loop3: detected capacity change from 0 to 256 [ 222.807217][ T8718] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8719] mount("/dev/loop3", "./file1", "exfat", 0, ""./strace-static-x86_64: Process 8721 attached [pid 8720] <... chdir resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8721 [pid 8720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8721] set_robust_list(0x55556b85b6a0, 24 [pid 8720] setpgid(0, 0 [pid 8721] <... set_robust_list resumed>) = 0 [pid 8721] chdir("./253") = 0 [pid 8720] <... setpgid resumed>) = 0 [pid 8721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8721] setpgid(0, 0) = 0 [pid 8721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8721] write(3, "1000", 4) = 4 [pid 8721] close(3 [pid 8718] <... mount resumed>) = 0 [pid 8721] <... close resumed>) = 0 [pid 8721] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8718] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8718] chdir("./file1") = 0 [pid 8721] write(1, "executing program\n", 18 [pid 8718] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8721] <... write resumed>) = 18 [pid 8718] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8721] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8718] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8721] <... futex resumed>) = 0 [pid 8718] <... futex resumed>) = 1 [pid 8721] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8718] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8715] <... futex resumed>) = 0 [pid 8721] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8715] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8721] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8718] <... futex resumed>) = 0 [pid 8715] <... futex resumed>) = 1 [pid 8721] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8718] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8715] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8718] <... openat resumed>) = 4 [pid 8721] <... mmap resumed>) = 0x7f300ac28000 [pid 8718] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8721] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8718] <... futex resumed>) = 1 [pid 8715] <... futex resumed>) = 0 [pid 8718] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8715] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8718] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8715] <... futex resumed>) = 0 [pid 8721] <... mprotect resumed>) = 0 [pid 8720] <... openat resumed>) = 3 [pid 8718] mkdir("./file2", 0777 [pid 8715] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8721] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8720] write(3, "1000", 4 [pid 8721] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8721] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8720] <... write resumed>) = 4 [pid 8721] <... clone3 resumed> => {parent_tid=[8722]}, 88) = 8722 [pid 8720] close(3./strace-static-x86_64: Process 8722 attached [pid 8721] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8721] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8719] <... mount resumed>) = 0 [pid 8721] <... futex resumed>) = 0 [pid 8719] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8721] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8719] <... openat resumed>) = 3 [pid 8722] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8719] chdir("./file1" [pid 8722] <... rseq resumed>) = 0 [pid 8719] <... chdir resumed>) = 0 [pid 8722] set_robust_list(0x7f300ac489a0, 24 [pid 8719] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8722] <... set_robust_list resumed>) = 0 [pid 8719] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8722] rt_sigprocmask(SIG_SETMASK, [], [pid 8719] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8717] <... futex resumed>) = 0 [pid 8722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8719] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8717] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8720] <... close resumed>) = 0 [pid 8722] memfd_create("syzkaller", 0 [pid 8720] symlink("/dev/binderfs", "./binderfs" [pid 8719] <... openat resumed>) = 4 [pid 8717] <... futex resumed>) = 0 [pid 8717] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8720] <... symlink resumed>) = 0 [pid 8720] write(1, "executing program\n", 18executing program ) = 18 [pid 8722] <... memfd_create resumed>) = 3 [ 222.835535][ T8719] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 222.852921][ T8716] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 222.870006][ T8718] exFAT-fs (loop2): error, data size is invalid(9000) [pid 8720] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8720] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8720] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8719] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8722] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8719] <... futex resumed>) = 1 [pid 8717] <... futex resumed>) = 0 [pid 8720] <... mmap resumed>) = 0x7f300ac28000 [pid 8717] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8717] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8720] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8719] mkdir("./file2", 0777 [pid 8720] <... mprotect resumed>) = 0 [pid 8720] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8722] <... write resumed>) = 131072 [pid 8720] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8718] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8722] munmap(0x7f3002800000, 138412032 [pid 8720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8722] <... munmap resumed>) = 0 [pid 8722] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8722] ioctl(4, LOOP_SET_FD, 3 [pid 8720] <... clone3 resumed> => {parent_tid=[8723]}, 88) = 8723 [pid 8716] <... mount resumed>) = 0 ./strace-static-x86_64: Process 8723 attached [pid 8720] rt_sigprocmask(SIG_SETMASK, [], [pid 8716] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8723] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8722] <... ioctl resumed>) = 0 [pid 8720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8718] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8716] <... openat resumed>) = 3 [pid 8715] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8723] <... rseq resumed>) = 0 [pid 8720] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8716] chdir("./file1" [pid 8723] set_robust_list(0x7f300ac489a0, 24 [pid 8720] <... futex resumed>) = 0 [pid 8716] <... chdir resumed>) = 0 [pid 8723] <... set_robust_list resumed>) = 0 [pid 8720] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8716] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8723] rt_sigprocmask(SIG_SETMASK, [], [pid 8722] close(3 [pid 8718] +++ killed by SIGSEGV +++ [pid 8717] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8716] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8715] +++ killed by SIGSEGV +++ [pid 8723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8722] <... close resumed>) = 0 [pid 8717] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8716] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8715, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8723] memfd_create("syzkaller", 0 [pid 8722] close(4 [pid 8717] <... futex resumed>) = 0 [pid 8716] <... futex resumed>) = 1 [pid 8713] <... futex resumed>) = 0 [pid 8723] <... memfd_create resumed>) = 3 [pid 8722] <... close resumed>) = 0 [pid 8717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8716] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8713] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8722] mkdir("./file1", 0777 [pid 8716] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8713] <... futex resumed>) = 0 [pid 8723] <... mmap resumed>) = 0x7f3002800000 [pid 8722] <... mkdir resumed>) = 0 [pid 8717] <... mmap resumed>) = 0x7f300ac07000 [pid 8722] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8717] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8723] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8717] <... mprotect resumed>) = 0 [pid 8716] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8713] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8717] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8723] <... write resumed>) = 131072 [pid 8717] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8716] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8724 attached [ 222.897207][ T8719] exFAT-fs (loop3): error, data size is invalid(9000) [ 222.909212][ T8718] exFAT-fs (loop2): Filesystem has been set read-only [ 222.919835][ T8722] loop1: detected capacity change from 0 to 256 [ 222.936935][ T8719] exFAT-fs (loop3): Filesystem has been set read-only [pid 8723] munmap(0x7f3002800000, 138412032 [pid 8717] <... clone3 resumed> => {parent_tid=[8724]}, 88) = 8724 [pid 8716] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8724] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8717] rt_sigprocmask(SIG_SETMASK, [], [pid 8716] <... futex resumed>) = 1 [pid 8713] <... futex resumed>) = 0 [pid 5832] umount2("./244", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8724] <... rseq resumed>) = 0 [pid 8723] <... munmap resumed>) = 0 [pid 8719] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8716] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8713] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8716] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8713] <... futex resumed>) = 0 [pid 8713] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8716] mkdir("./file2", 0777 [pid 8724] set_robust_list(0x7f300ac279a0, 24 [pid 8719] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8717] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8724] <... set_robust_list resumed>) = ? [pid 8717] <... futex resumed>) = ? [pid 5832] <... openat resumed>) = 3 [pid 8724] +++ killed by SIGSEGV +++ [pid 5832] newfstatat(3, "", [pid 8719] +++ killed by SIGSEGV +++ [pid 8717] +++ killed by SIGSEGV +++ [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8717, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8723] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] umount2("./250", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8723] <... openat resumed>) = 4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./244/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./250/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8723] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./244/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./244/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./244/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] <... umount2 resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./244/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 222.973306][ T8722] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 222.990416][ T8716] exFAT-fs (loop4): error, data size is invalid(9000) [ 223.010997][ T8723] loop0: detected capacity change from 0 to 256 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] umount2("./250/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(4 [pid 5833] newfstatat(AT_FDCWD, "./250/file1", [pid 5832] <... close resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] rmdir("./244/file1" [pid 5833] umount2("./250/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./250/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] umount2("./244/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... openat resumed>) = 4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(4, "", [pid 5832] newfstatat(AT_FDCWD, "./244/binderfs", [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] getdents64(4, [pid 5832] unlink("./244/binderfs" [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] <... unlink resumed>) = 0 [pid 5833] getdents64(4, [pid 5832] getdents64(3, [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(4 [pid 5832] close(3 [pid 8723] <... ioctl resumed>) = 0 [pid 8716] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] <... close resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 8723] close(3) = 0 [pid 8723] close(4 [pid 5833] rmdir("./250/file1" [pid 5832] rmdir("./244" [pid 8723] <... close resumed>) = 0 [pid 8716] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5833] <... rmdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 8723] mkdir("./file1", 0777 [pid 8722] <... mount resumed>) = 0 [pid 8713] <... futex resumed>) = ? [pid 5833] umount2("./250/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] mkdir("./245", 0777 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... mkdir resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./250/binderfs" [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] <... unlink resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5833] getdents64(3, [ 223.019376][ T8716] exFAT-fs (loop4): Filesystem has been set read-only [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5833] close(3 [pid 5832] close(3 [pid 8722] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... close resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 8722] <... openat resumed>) = 3 [pid 5833] rmdir("./250" [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8723] <... mkdir resumed>) = 0 [pid 8722] chdir("./file1" [pid 8716] +++ killed by SIGSEGV +++ [pid 8713] +++ killed by SIGSEGV +++ [pid 5833] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 8725 attached [pid 8723] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8713, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 8725] set_robust_list(0x55556b85b6a0, 24 [pid 8722] <... chdir resumed>) = 0 [pid 5833] mkdir("./251", 0777 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8725 [pid 8725] <... set_robust_list resumed>) = 0 [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 8725] chdir("./245" [pid 8722] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... mkdir resumed>) = 0 [pid 8722] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8725] <... chdir resumed>) = 0 [pid 5834] <... restart_syscall resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 8725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8725] setpgid(0, 0 [pid 8722] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8725] <... setpgid resumed>) = 0 [pid 5834] umount2("./250", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8722] <... futex resumed>) = 1 [pid 8721] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... ioctl resumed>) = 0 [pid 8725] <... openat resumed>) = 3 [pid 8722] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8721] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] close(3 [pid 8725] write(3, "1000", 4 [pid 8721] <... futex resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5833] <... close resumed>) = 0 [pid 8725] <... write resumed>) = 4 [pid 8721] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] newfstatat(3, "", [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8726 attached [pid 8725] close(3 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8726] set_robust_list(0x55556b85b6a0, 24 [pid 8725] <... close resumed>) = 0 [pid 8722] <... openat resumed>) = 4 [pid 5834] getdents64(3, [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8726 [pid 8725] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8722] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 executing program [pid 8726] <... set_robust_list resumed>) = 0 [pid 8725] write(1, "executing program\n", 18 [pid 8722] <... futex resumed>) = 1 [pid 8721] <... futex resumed>) = 0 [pid 5834] umount2("./250/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8725] <... write resumed>) = 18 [pid 8722] mkdir("./file2", 0777 [pid 8721] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8726] chdir("./251" [pid 8725] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8721] <... futex resumed>) = 0 [pid 8721] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8725] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = 0 [pid 8725] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5834] umount2("./250/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8726] <... chdir resumed>) = 0 [pid 8726] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8725] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8726] <... prctl resumed>) = 0 [pid 8725] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5834] newfstatat(AT_FDCWD, "./250/file1", [pid 8726] setpgid(0, 0 [pid 8725] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8725] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8726] <... setpgid resumed>) = 0 [pid 8725] <... mmap resumed>) = 0x7f300ac28000 [pid 5834] umount2("./250/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8725] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8726] <... openat resumed>) = 3 [pid 8725] <... mprotect resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./250/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8725] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... openat resumed>) = 4 [pid 8726] write(3, "1000", 4 [pid 8725] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8725] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] getdents64(4, [pid 8725] <... clone3 resumed> => {parent_tid=[8727]}, 88) = 8727 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8725] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] close(4 [pid 8725] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... close resumed>) = 0 [pid 8726] <... write resumed>) = 4 [pid 5834] rmdir("./250/file1" [pid 8725] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8727 attached [ 223.092977][ T8722] exFAT-fs (loop1): error, data size is invalid(9000) [ 223.115437][ T8722] exFAT-fs (loop1): Filesystem has been set read-only [pid 8727] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8726] close(3 [pid 8725] <... futex resumed>) = 0 [pid 8722] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] <... rmdir resumed>) = 0 [pid 8726] <... close resumed>) = 0 [pid 8725] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] umount2("./250/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8727] <... rseq resumed>) = 0 [pid 8726] symlink("/dev/binderfs", "./binderfs" [pid 8727] set_robust_list(0x7f300ac489a0, 24 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8722] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8727] <... set_robust_list resumed>) = 0 [pid 8726] <... symlink resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./250/binderfs", [pid 8721] <... futex resumed>) = ? [pid 8722] +++ killed by SIGSEGV +++ [pid 8721] +++ killed by SIGSEGV +++ executing program [pid 8727] rt_sigprocmask(SIG_SETMASK, [], [pid 8726] write(1, "executing program\n", 18 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./250/binderfs" [pid 8727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8726] <... write resumed>) = 18 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8721, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8727] memfd_create("syzkaller", 0 [pid 8726] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8727] <... memfd_create resumed>) = 3 [pid 8726] <... futex resumed>) = 0 [pid 5834] <... unlink resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8726] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5834] getdents64(3, [pid 8727] <... mmap resumed>) = 0x7f3002800000 [pid 8726] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8726] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5834] close(3 [pid 8726] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... close resumed>) = 0 [pid 5834] rmdir("./250" [pid 8726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8726] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... rmdir resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./253", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./253/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8726] <... mprotect resumed>) = 0 [pid 5834] mkdir("./251", 0777 [pid 8726] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] <... mkdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 8726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8728 attached [pid 5831] umount2("./253/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8727] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8726] <... clone3 resumed> => {parent_tid=[8728]}, 88) = 8728 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./253/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8726] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] umount2("./253/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8726] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8728] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8726] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] openat(AT_FDCWD, "./253/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 4 [pid 8728] <... rseq resumed>) = 0 [pid 8726] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5831] newfstatat(4, "", [pid 5834] <... ioctl resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8728] set_robust_list(0x7f300ac489a0, 24 [pid 5834] close(3 [pid 5831] getdents64(4, [pid 8727] <... write resumed>) = 131072 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8728] <... set_robust_list resumed>) = 0 [pid 8723] <... mount resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5831] getdents64(4, [pid 8728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 8723] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] rmdir("./253/file1" [pid 8728] memfd_create("syzkaller", 0 [pid 8723] <... openat resumed>) = 3 [pid 5831] <... rmdir resumed>) = 0 [pid 5831] umount2("./253/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./253/binderfs", [pid 8723] chdir("./file1" [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./253/binderfs" [pid 8727] munmap(0x7f3002800000, 138412032 [pid 5831] <... unlink resumed>) = 0 [pid 5831] getdents64(3, [pid 8723] <... chdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8723] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] close(3 [pid 8723] <... futex resumed>) = 1 [pid 8720] <... futex resumed>) = 0 [pid 8723] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 223.144522][ T8723] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8720] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8728] <... memfd_create resumed>) = 3 [pid 8727] <... munmap resumed>) = 0 [pid 8723] <... openat resumed>) = 4 [pid 8720] <... futex resumed>) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8727] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8720] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... close resumed>) = 0 ./strace-static-x86_64: Process 8729 attached [pid 8728] <... mmap resumed>) = 0x7f3002800000 [pid 8727] <... openat resumed>) = 4 [pid 8723] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] rmdir("./253" [pid 8729] set_robust_list(0x55556b85b6a0, 24 [pid 8728] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8727] ioctl(4, LOOP_SET_FD, 3 [pid 8723] <... futex resumed>) = 1 [pid 8720] <... futex resumed>) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8729 [pid 5831] <... rmdir resumed>) = 0 [pid 8723] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8720] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8720] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8729] <... set_robust_list resumed>) = 0 [pid 8723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8729] chdir("./251" [pid 5831] mkdir("./254", 0777 [pid 8728] <... write resumed>) = 131072 [pid 5831] <... mkdir resumed>) = 0 [pid 8723] mkdir("./file2", 0777 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3) = 0 [pid 8729] <... chdir resumed>) = 0 [pid 8728] munmap(0x7f3002800000, 138412032 [pid 8727] <... ioctl resumed>) = 0 [pid 8729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8727] close(3 [pid 8729] setpgid(0, 0 [pid 8727] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8729] <... setpgid resumed>) = 0 [pid 8728] <... munmap resumed>) = 0 [pid 8727] close(4 [pid 8729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8728] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8727] <... close resumed>) = 0 [pid 8728] <... openat resumed>) = 4 [pid 8727] mkdir("./file1", 0777./strace-static-x86_64: Process 8730 attached [pid 8729] <... openat resumed>) = 3 [pid 8728] ioctl(4, LOOP_SET_FD, 3 [pid 8727] <... mkdir resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8730 [ 223.219924][ T8727] loop2: detected capacity change from 0 to 256 [ 223.231974][ T8723] exFAT-fs (loop0): error, data size is invalid(9000) [pid 8730] set_robust_list(0x55556b85b6a0, 24 [pid 8729] write(3, "1000", 4 [pid 8728] <... ioctl resumed>) = 0 [pid 8727] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8720] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8730] <... set_robust_list resumed>) = 0 [pid 8729] <... write resumed>) = 4 [pid 8728] close(3 [pid 8730] chdir("./254" [pid 8729] close(3 [pid 8728] <... close resumed>) = 0 [pid 8720] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8728] close(4 [pid 8730] <... chdir resumed>) = 0 [pid 8729] <... close resumed>) = 0 [pid 8728] <... close resumed>) = 0 [pid 8720] <... futex resumed>) = 0 [pid 8730] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8729] symlink("/dev/binderfs", "./binderfs" [pid 8728] mkdir("./file1", 0777 [pid 8730] <... prctl resumed>) = 0 [pid 8720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8728] <... mkdir resumed>) = 0 [pid 8730] setpgid(0, 0 [pid 8720] <... mmap resumed>) = 0x7f300ac07000 [pid 8730] <... setpgid resumed>) = 0 [pid 8728] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8729] <... symlink resumed>) = 0 [pid 8730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8720] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITEexecuting program [pid 8730] <... openat resumed>) = 3 [pid 8729] write(1, "executing program\n", 18 [pid 8720] <... mprotect resumed>) = 0 [pid 8730] write(3, "1000", 4 [pid 8729] <... write resumed>) = 18 [pid 8730] <... write resumed>) = 4 [pid 8730] close(3 [pid 8729] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8720] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8730] <... close resumed>) = 0 [pid 8729] <... futex resumed>) = 0 [pid 8730] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8729] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8720] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8730] write(1, "executing program\n", 18 [pid 8729] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8730] <... write resumed>) = 18 [pid 8730] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8729] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8730] <... futex resumed>) = 0 [pid 8729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8720] <... clone3 resumed> => {parent_tid=[8731]}, 88) = 8731 [pid 8730] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8720] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8731 attached [pid 8730] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8729] <... mmap resumed>) = 0x7f300ac28000 [pid 8720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8731] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8729] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8730] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8720] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8731] <... rseq resumed>) = 0 [pid 8730] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8729] <... mprotect resumed>) = 0 [pid 8720] <... futex resumed>) = 0 [pid 8731] set_robust_list(0x7f300ac279a0, 24 [pid 8730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8720] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8731] <... set_robust_list resumed>) = 0 [pid 8730] <... mmap resumed>) = 0x7f300ac28000 [pid 8729] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8731] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8723] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8723] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 223.260222][ T8728] loop3: detected capacity change from 0 to 256 [ 223.267869][ T8723] exFAT-fs (loop0): Filesystem has been set read-only [pid 8731] <... ioctl resumed>) = ? [pid 8729] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8720] <... futex resumed>) = ? [pid 8730] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8723] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 8732 attached [pid 8730] <... mprotect resumed>) = 0 [pid 8732] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8731] +++ killed by SIGSEGV +++ [pid 8730] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8729] <... clone3 resumed> => {parent_tid=[8732]}, 88) = 8732 [pid 8720] +++ killed by SIGSEGV +++ [pid 8732] <... rseq resumed>) = 0 [pid 8732] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8732] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8730] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8729] rt_sigprocmask(SIG_SETMASK, [], [pid 8730] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8720, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8729] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8732] <... futex resumed>) = 0 [pid 8730] <... clone3 resumed> => {parent_tid=[8733]}, 88) = 8733 [pid 8729] <... futex resumed>) = 1 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8732] memfd_create("syzkaller", 0 [pid 8730] rt_sigprocmask(SIG_SETMASK, [], [pid 8732] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 8733 attached [pid 8732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8733] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8732] <... mmap resumed>) = 0x7f3002800000 [pid 8733] <... rseq resumed>) = 0 [pid 8732] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8733] set_robust_list(0x7f300ac489a0, 24 [pid 8730] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8729] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8733] <... set_robust_list resumed>) = 0 [pid 8733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8732] <... write resumed>) = 131072 [pid 8730] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8733] memfd_create("syzkaller", 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 8730] <... futex resumed>) = 0 [pid 8730] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8727] <... mount resumed>) = 0 [pid 8733] <... memfd_create resumed>) = 3 [pid 8733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] umount2("./250", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8733] <... mmap resumed>) = 0x7f3002800000 [pid 8733] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8732] munmap(0x7f3002800000, 138412032 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8727] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8732] <... munmap resumed>) = 0 [pid 8728] <... mount resumed>) = 0 [pid 8727] <... openat resumed>) = 3 [pid 8727] chdir("./file1" [pid 5830] <... openat resumed>) = 3 [pid 8733] <... write resumed>) = 131072 [pid 8727] <... chdir resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 8728] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8727] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 8727] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8727] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8728] <... openat resumed>) = 3 [pid 8727] <... futex resumed>) = 1 [pid 8725] <... futex resumed>) = 0 [pid 8728] chdir("./file1" [pid 5830] umount2("./250/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8733] munmap(0x7f3002800000, 138412032 [pid 8732] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8728] <... chdir resumed>) = 0 [pid 8727] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8725] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8733] <... munmap resumed>) = 0 [pid 8732] <... openat resumed>) = 4 [pid 8725] <... futex resumed>) = 0 [ 223.299675][ T8727] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 223.323832][ T8728] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8733] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8732] ioctl(4, LOOP_SET_FD, 3 [pid 8725] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8733] <... openat resumed>) = 4 [pid 8728] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5830] <... umount2 resumed>) = 0 [pid 8733] ioctl(4, LOOP_SET_FD, 3 [pid 5830] umount2("./250/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8728] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8727] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8728] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./250/file1", [pid 8727] <... openat resumed>) = 4 [pid 8728] <... futex resumed>) = 1 [pid 8733] <... ioctl resumed>) = 0 [pid 8728] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8727] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8726] <... futex resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8727] <... futex resumed>) = 1 [pid 8726] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8725] <... futex resumed>) = 0 [pid 8726] <... futex resumed>) = 1 [pid 5830] umount2("./250/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8725] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8728] <... futex resumed>) = 0 [pid 8727] mkdir("./file2", 0777 [pid 8726] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8728] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8725] <... futex resumed>) = 0 [pid 8728] <... openat resumed>) = 4 [pid 8725] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8728] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] openat(AT_FDCWD, "./250/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8732] <... ioctl resumed>) = 0 [pid 8732] close(3) = 0 [pid 8732] close(4) = 0 [pid 8732] mkdir("./file1", 0777) = 0 [pid 8728] <... futex resumed>) = 1 [pid 8726] <... futex resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 8732] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8728] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 8726] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] newfstatat(4, "", [pid 8728] mkdir("./file2", 0777 [pid 8726] <... futex resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8733] close(3) = 0 [pid 8733] close(4) = 0 [pid 8733] mkdir("./file1", 0777) = 0 [ 223.379264][ T8732] loop4: detected capacity change from 0 to 256 [ 223.391708][ T8733] loop1: detected capacity change from 0 to 256 [ 223.399316][ T8727] exFAT-fs (loop2): error, data size is invalid(9000) [ 223.421550][ T8728] exFAT-fs (loop3): error, data size is invalid(9000) [pid 8733] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5830] getdents64(4, [pid 8726] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 8727] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8725] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5830] close(4 [pid 8725] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./250/file1" [ 223.428385][ T8728] exFAT-fs (loop3): Filesystem has been set read-only [ 223.449748][ T8727] exFAT-fs (loop2): Filesystem has been set read-only [pid 8725] <... futex resumed>) = 0 [pid 8728] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8727] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8726] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8725] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8725] <... mmap resumed>) = 0x7f300ac07000 [pid 5830] umount2("./250/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8726] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8725] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8725] <... mprotect resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./250/binderfs", [pid 8726] <... futex resumed>) = 0 [pid 8726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8728] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8726] <... mmap resumed>) = 0x7f300ac07000 [pid 5830] unlink("./250/binderfs" [pid 8728] +++ killed by SIGSEGV +++ [pid 8727] +++ killed by SIGSEGV +++ [pid 8725] +++ killed by SIGSEGV +++ [pid 5830] <... unlink resumed>) = 0 [pid 5830] getdents64(3, [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8725, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8726] +++ killed by SIGSEGV +++ [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8726, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] rmdir("./250" [pid 5833] umount2("./251", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... restart_syscall resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] mkdir("./251", 0777 [pid 5833] openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] umount2("./245", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] newfstatat(3, "", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] getdents64(3, [pid 5832] <... openat resumed>) = 3 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] newfstatat(3, "", [pid 5833] umount2("./251/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./245/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... umount2 resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 8732] <... mount resumed>) = 0 [pid 5833] umount2("./251/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./245/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] newfstatat(AT_FDCWD, "./251/file1", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 3 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] newfstatat(AT_FDCWD, "./245/file1", [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5833] umount2("./251/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./251/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] umount2("./245/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(3 [pid 5833] <... openat resumed>) = 4 [pid 8732] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5833] newfstatat(4, "", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... close resumed>) = 0 [pid 8732] chdir("./file1" [pid 5832] openat(AT_FDCWD, "./245/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8732] <... chdir resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8732] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] getdents64(4, [pid 5832] <... openat resumed>) = 4 [pid 8732] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 8734 attached [pid 8732] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] newfstatat(4, "", [pid 8732] <... futex resumed>) = 1 [pid 8729] <... futex resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8729] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] getdents64(4, [pid 8729] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8732] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5833] getdents64(4, [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8734 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] getdents64(4, [pid 5833] close(4 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] <... close resumed>) = 0 [pid 5832] close(4 [pid 8732] <... openat resumed>) = 4 [pid 5833] rmdir("./251/file1" [pid 5832] <... close resumed>) = 0 [ 223.490207][ T8732] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 223.512353][ T8733] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8734] set_robust_list(0x55556b85b6a0, 24 [pid 8732] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... rmdir resumed>) = 0 [pid 5832] rmdir("./245/file1" [pid 8732] <... futex resumed>) = 1 [pid 8729] <... futex resumed>) = 0 [pid 5833] umount2("./251/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 8732] mkdir("./file2", 0777 [pid 8729] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./245/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8734] <... set_robust_list resumed>) = 0 [pid 8729] <... futex resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./251/binderfs", [pid 8729] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8734] chdir("./251" [pid 8733] <... mount resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8734] <... chdir resumed>) = 0 [pid 8734] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] newfstatat(AT_FDCWD, "./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./245/binderfs" [pid 8733] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] unlink("./251/binderfs" [pid 5832] <... unlink resumed>) = 0 [pid 8733] <... openat resumed>) = 3 [pid 5833] <... unlink resumed>) = 0 [pid 5832] getdents64(3, [pid 8733] chdir("./file1" [pid 5833] getdents64(3, [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8733] <... chdir resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 8734] <... prctl resumed>) = 0 [pid 8733] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] close(3 [pid 5832] <... close resumed>) = 0 [pid 8733] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... close resumed>) = 0 [pid 5832] rmdir("./245" [pid 8733] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] rmdir("./251" [pid 5832] <... rmdir resumed>) = 0 [pid 8733] <... futex resumed>) = 1 [pid 8730] <... futex resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5832] mkdir("./246", 0777 [pid 8734] setpgid(0, 0 [pid 8733] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] mkdir("./252", 0777 [pid 5832] <... mkdir resumed>) = 0 [pid 8734] <... setpgid resumed>) = 0 [pid 8730] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8733] <... futex resumed>) = 0 [pid 8730] <... futex resumed>) = 1 [pid 5832] <... openat resumed>) = 3 [pid 8734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8733] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8730] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8734] <... openat resumed>) = 3 [pid 8733] <... openat resumed>) = 4 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8734] write(3, "1000", 4 [pid 5833] <... openat resumed>) = 3 [pid 5832] <... ioctl resumed>) = 0 [pid 8734] <... write resumed>) = 4 [pid 8733] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5832] close(3 [pid 8734] close(3 [pid 8733] <... futex resumed>) = 1 [pid 8732] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8730] <... futex resumed>) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 8734] <... close resumed>) = 0 [pid 8733] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8730] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8734] symlink("/dev/binderfs", "./binderfs" [pid 8730] <... futex resumed>) = 0 [pid 8734] <... symlink resumed>) = 0 [pid 8730] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8734] write(1, "executing program\n", 18 [pid 8733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] close(3executing program [pid 8733] mkdir("./file2", 0777 [pid 5833] <... close resumed>) = 0 [pid 8734] <... write resumed>) = 18 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8734] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8734] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8734] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 8735 attached NULL, 8) = 0 [pid 8734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8735] set_robust_list(0x55556b85b6a0, 24 [pid 8734] <... mmap resumed>) = 0x7f300ac28000 [pid 8734] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8735] <... set_robust_list resumed>) = 0 [pid 8734] <... mprotect resumed>) = 0 [pid 8729] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8735 [pid 5832] <... close resumed>) = 0 [pid 8729] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8734] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8729] <... mmap resumed>) = 0x7f300ac07000 [pid 8734] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8729] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8734] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8729] <... mprotect resumed>) = 0 [pid 8729] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 8736 attached [pid 8734] <... clone3 resumed> => {parent_tid=[8736]}, 88) = 8736 [pid 8729] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8736] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8734] rt_sigprocmask(SIG_SETMASK, [], [pid 8729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8736] <... rseq resumed>) = 0 [pid 8734] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 8737 attached [pid 8736] set_robust_list(0x7f300ac489a0, 24 [pid 8735] chdir("./252" [pid 8734] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8732] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8738 attached [pid 8736] <... set_robust_list resumed>) = 0 [pid 8735] <... chdir resumed>) = 0 [pid 8734] <... futex resumed>) = 0 [pid 8738] set_robust_list(0x55556b85b6a0, 24 [pid 8736] rt_sigprocmask(SIG_SETMASK, [], [pid 8735] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8734] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8729] <... clone3 resumed> ) = ? [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8738 [pid 8737] +++ killed by SIGSEGV +++ [pid 8736] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8735] <... prctl resumed>) = 0 [ 223.564229][ T8732] exFAT-fs (loop4): error, data size is invalid(9000) [ 223.591052][ T8732] exFAT-fs (loop4): Filesystem has been set read-only [ 223.603311][ T8733] exFAT-fs (loop1): error, data size is invalid(9000) [pid 8732] +++ killed by SIGSEGV +++ [pid 8729] +++ killed by SIGSEGV +++ [pid 8738] <... set_robust_list resumed>) = 0 [pid 8736] memfd_create("syzkaller", 0 [pid 8735] setpgid(0, 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8729, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5834] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 8738] chdir("./246") = 0 [pid 8735] <... setpgid resumed>) = 0 [pid 5834] umount2("./251", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8738] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8738] <... prctl resumed>) = 0 [pid 8736] <... memfd_create resumed>) = 3 [pid 8735] <... openat resumed>) = 3 [pid 5834] openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8738] setpgid(0, 0 [pid 8736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8735] write(3, "1000", 4 [pid 5834] <... openat resumed>) = 3 [pid 8736] <... mmap resumed>) = 0x7f3002800000 [pid 5834] newfstatat(3, "", [pid 8738] <... setpgid resumed>) = 0 [pid 8735] <... write resumed>) = 4 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8735] close(3 [pid 8738] <... openat resumed>) = 3 [pid 8735] <... close resumed>) = 0 [pid 5834] getdents64(3, [pid 8738] write(3, "1000", 4 [pid 8735] symlink("/dev/binderfs", "./binderfs" [pid 8738] <... write resumed>) = 4 [pid 8735] <... symlink resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8738] close(3 [pid 8736] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8735] write(1, "executing program\n", 18executing program [pid 8738] <... close resumed>) = 0 [pid 8736] <... write resumed>) = 131072 [pid 8735] <... write resumed>) = 18 [pid 8730] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] umount2("./251/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8735] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8730] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8736] munmap(0x7f3002800000, 138412032 [pid 8735] <... futex resumed>) = 0 [pid 8730] <... futex resumed>) = 0 [pid 8735] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8735] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8730] <... mmap resumed>) = 0x7f300ac07000 [pid 8738] symlink("/dev/binderfs", "./binderfs" [pid 8735] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8730] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8738] <... symlink resumed>) = 0 [pid 8735] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program [pid 8738] write(1, "executing program\n", 18 [pid 8735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8730] <... mprotect resumed>) = 0 [pid 8738] <... write resumed>) = 18 [pid 8736] <... munmap resumed>) = 0 [pid 8735] <... mmap resumed>) = 0x7f300ac28000 [pid 8738] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8735] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8730] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8738] <... futex resumed>) = 0 [pid 8735] <... mprotect resumed>) = 0 [pid 8738] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8736] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8735] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8730] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] <... umount2 resumed>) = 0 [pid 8738] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8736] <... openat resumed>) = 4 [pid 8735] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8733] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8730] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5834] umount2("./251/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8738] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8736] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 8739 attached [pid 8738] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8733] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8740 attached [pid 8738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8740] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8738] <... mmap resumed>) = 0x7f300ac28000 [pid 8735] <... clone3 resumed> => {parent_tid=[8740]}, 88) = 8740 [pid 8740] <... rseq resumed>) = 0 [pid 8738] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8735] rt_sigprocmask(SIG_SETMASK, [], [pid 8740] set_robust_list(0x7f300ac489a0, 24 [pid 8738] <... mprotect resumed>) = 0 [pid 8735] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8740] <... set_robust_list resumed>) = 0 [pid 8738] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8735] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8740] rt_sigprocmask(SIG_SETMASK, [], [pid 8738] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8736] <... ioctl resumed>) = 0 [pid 8735] <... futex resumed>) = 0 [pid 8730] <... clone3 resumed> ) = ? [pid 5834] newfstatat(AT_FDCWD, "./251/file1", [pid 8738] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8735] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8741 attached [pid 8740] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8738] <... clone3 resumed> => {parent_tid=[8741]}, 88) = 8741 [pid 8733] +++ killed by SIGSEGV +++ [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8740] memfd_create("syzkaller", 0 [pid 8738] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8738] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8741] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8738] <... futex resumed>) = 0 [pid 8741] <... rseq resumed>) = 0 [pid 8739] +++ killed by SIGSEGV +++ [pid 8738] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8736] close(3 [pid 8730] +++ killed by SIGSEGV +++ [pid 5834] umount2("./251/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8741] set_robust_list(0x7f300ac489a0, 24 [pid 8740] <... memfd_create resumed>) = 3 [pid 8736] <... close resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8730, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8741] <... set_robust_list resumed>) = 0 [pid 8740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8736] close(4 [pid 5834] openat(AT_FDCWD, "./251/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8741] rt_sigprocmask(SIG_SETMASK, [], [pid 8736] <... close resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 8741] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8740] <... mmap resumed>) = 0x7f3002800000 [pid 8736] mkdir("./file1", 0777 [pid 5834] newfstatat(4, "", [pid 5831] umount2("./254", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8741] memfd_create("syzkaller", 0 [pid 8740] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8736] <... mkdir resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8741] <... memfd_create resumed>) = 3 [pid 8736] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5834] getdents64(4, [pid 5831] openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8740] <... write resumed>) = 131072 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] <... openat resumed>) = 3 [pid 8741] <... mmap resumed>) = 0x7f3002800000 [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] newfstatat(3, "", [pid 8741] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] close(4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 8741] <... write resumed>) = 131072 [pid 5834] rmdir("./251/file1" [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8740] munmap(0x7f3002800000, 138412032 [pid 5831] umount2("./254/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... rmdir resumed>) = 0 [pid 8740] <... munmap resumed>) = 0 [pid 5834] umount2("./251/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8740] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 223.634738][ T8733] exFAT-fs (loop1): Filesystem has been set read-only [ 223.668803][ T8736] loop0: detected capacity change from 0 to 256 [pid 8741] munmap(0x7f3002800000, 138412032 [pid 8740] ioctl(4, LOOP_SET_FD, 3 [pid 8741] <... munmap resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./251/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./251/binderfs") = 0 [pid 8741] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8741] ioctl(4, LOOP_SET_FD, 3 [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5834] close(3) = 0 [pid 8740] <... ioctl resumed>) = 0 [pid 8740] close(3) = 0 [pid 8740] close(4) = 0 [pid 8740] mkdir("./file1", 0777) = 0 [pid 5834] rmdir("./251" [pid 8740] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8741] <... ioctl resumed>) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5831] umount2("./254/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] mkdir("./252", 0777) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./254/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./254/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./254/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8741] close(3 [pid 5831] newfstatat(4, "", [pid 8741] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8741] close(4 [pid 5831] getdents64(4, [pid 8741] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8741] mkdir("./file1", 0777 [pid 5831] getdents64(4, [pid 8741] <... mkdir resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./254/file1") = 0 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8741] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5831] umount2("./254/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./254/binderfs") = 0 [ 223.713334][ T8740] loop3: detected capacity change from 0 to 256 [ 223.728233][ T8741] loop2: detected capacity change from 0 to 256 [ 223.748500][ T8736] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5831] getdents64(3, [pid 5834] <... ioctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] close(3 [pid 5831] close(3 [pid 8736] <... mount resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./254") = 0 [pid 8736] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] mkdir("./255", 0777 [pid 8736] chdir("./file1" [pid 5831] <... mkdir resumed>) = 0 [pid 8736] <... chdir resumed>) = 0 [pid 8736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8736] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8736] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8734] <... futex resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 8734] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8734] <... futex resumed>) = 1 [pid 5831] close(3./strace-static-x86_64: Process 8742 attached [pid 8734] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8742 [pid 8736] <... futex resumed>) = 0 [pid 8736] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8742] set_robust_list(0x55556b85b6a0, 24 [pid 8740] <... mount resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8742] <... set_robust_list resumed>) = 0 [pid 8740] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8742] chdir("./252" [pid 8740] <... openat resumed>) = 3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8740] chdir("./file1" [pid 8742] <... chdir resumed>) = 0 [pid 8742] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8740] <... chdir resumed>) = 0 [pid 8736] <... openat resumed>) = 4 [pid 8742] <... prctl resumed>) = 0 [pid 8740] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 8743 attached [pid 8742] setpgid(0, 0 [pid 8743] set_robust_list(0x55556b85b6a0, 24 [pid 8742] <... setpgid resumed>) = 0 [pid 8740] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8736] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8734] <... futex resumed>) = 0 [pid 8740] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8740] <... futex resumed>) = 1 [pid 8736] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8735] <... futex resumed>) = 0 [pid 8734] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8743 [pid 8740] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8734] <... futex resumed>) = 0 [pid 8735] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8742] <... openat resumed>) = 3 [pid 8740] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8735] <... futex resumed>) = 0 [ 223.789267][ T8740] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 223.823328][ T8741] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8734] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8740] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8736] mkdir("./file2", 0777 [pid 8735] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8743] <... set_robust_list resumed>) = 0 [pid 8740] <... openat resumed>) = 4 [pid 8743] chdir("./255" [pid 8742] write(3, "1000", 4 [pid 8740] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8742] <... write resumed>) = 4 [pid 8740] <... futex resumed>) = 1 [pid 8735] <... futex resumed>) = 0 [pid 8740] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8735] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8742] close(3 [pid 8740] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8735] <... futex resumed>) = 0 [pid 8743] <... chdir resumed>) = 0 [pid 8742] <... close resumed>) = 0 [pid 8740] mkdir("./file2", 0777 [pid 8735] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8741] <... mount resumed>) = 0 [pid 8741] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8741] chdir("./file1") = 0 [pid 8741] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8741] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8741] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8738] <... futex resumed>) = 0 [pid 8738] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8741] <... futex resumed>) = 0 [pid 8738] <... futex resumed>) = 1 [pid 8741] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8738] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8742] symlink("/dev/binderfs", "./binderfs" [pid 8736] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8743] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8742] <... symlink resumed>) = 0 [pid 8741] <... openat resumed>) = 4 executing program [pid 8743] <... prctl resumed>) = 0 [pid 8742] write(1, "executing program\n", 18 [pid 8741] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8743] setpgid(0, 0 [pid 8742] <... write resumed>) = 18 [pid 8741] <... futex resumed>) = 1 [pid 8738] <... futex resumed>) = 0 [pid 8743] <... setpgid resumed>) = 0 [pid 8742] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8741] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8740] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8738] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8734] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8742] <... futex resumed>) = 0 [pid 8741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8740] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8738] <... futex resumed>) = 0 [pid 8736] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 223.847069][ T8736] exFAT-fs (loop0): error, data size is invalid(9000) [ 223.861053][ T8736] exFAT-fs (loop0): Filesystem has been set read-only [ 223.868476][ T8740] exFAT-fs (loop3): error, data size is invalid(9000) [ 223.888810][ T8740] exFAT-fs (loop3): Filesystem has been set read-only [pid 8734] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8743] <... openat resumed>) = 3 [pid 8742] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8741] mkdir("./file2", 0777 [pid 8738] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8734] <... futex resumed>) = ? [pid 8743] write(3, "1000", 4 [pid 8742] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8736] +++ killed by SIGSEGV +++ [pid 8735] <... futex resumed>) = ? [pid 8740] +++ killed by SIGSEGV +++ [pid 8735] +++ killed by SIGSEGV +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8735, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8743] <... write resumed>) = 4 [pid 8742] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8743] close(3 [pid 8742] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8743] <... close resumed>) = 0 [pid 8742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8743] symlink("/dev/binderfs", "./binderfs" [pid 8742] <... mmap resumed>) = 0x7f300ac28000 [pid 8743] <... symlink resumed>) = 0 [pid 8742] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITEexecuting program [pid 8743] write(1, "executing program\n", 18) = 18 [pid 8742] <... mprotect resumed>) = 0 [pid 8743] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8742] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8743] <... futex resumed>) = 0 [pid 8742] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8743] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8743] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8741] <... mkdir resumed>) = -1 EIO (Input/output error) ./strace-static-x86_64: Process 8744 attached [pid 8743] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8742] <... clone3 resumed> => {parent_tid=[8744]}, 88) = 8744 [pid 5833] <... restart_syscall resumed>) = 0 [pid 8743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8742] rt_sigprocmask(SIG_SETMASK, [], [pid 8734] +++ killed by SIGSEGV +++ [pid 8743] <... mmap resumed>) = 0x7f300ac28000 [pid 8742] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8741] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8734, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8744] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8743] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8742] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8738] <... futex resumed>) = ? [pid 5833] umount2("./252", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8744] <... rseq resumed>) = 0 [pid 8743] <... mprotect resumed>) = 0 [pid 8742] <... futex resumed>) = 0 [pid 8741] +++ killed by SIGSEGV +++ [pid 8738] +++ killed by SIGSEGV +++ [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8744] set_robust_list(0x7f300ac489a0, 24 [pid 8743] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8742] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8744] <... set_robust_list resumed>) = 0 [pid 8743] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] <... openat resumed>) = 3 [pid 8744] rt_sigprocmask(SIG_SETMASK, [], [pid 8743] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] newfstatat(3, "", [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8738, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./246", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] getdents64(3, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] umount2("./252/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8744] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 8745 attached [pid 8744] memfd_create("syzkaller", 0 [pid 8743] <... clone3 resumed> => {parent_tid=[8745]}, 88) = 8745 [pid 5832] umount2("./246/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8745] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8744] <... memfd_create resumed>) = 3 [pid 8743] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] umount2("./251", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8745] <... rseq resumed>) = 0 [pid 8743] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8745] set_robust_list(0x7f300ac489a0, 24 [pid 8744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8743] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./246/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8744] <... mmap resumed>) = 0x7f3002800000 [pid 8743] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 3 [pid 8743] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] umount2("./252/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 223.915913][ T8741] exFAT-fs (loop2): error, data size is invalid(9000) [ 223.923623][ T8741] exFAT-fs (loop2): Filesystem has been set read-only [pid 5832] newfstatat(AT_FDCWD, "./246/file1", [pid 5830] newfstatat(3, "", [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8744] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5832] umount2("./246/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] openat(AT_FDCWD, "./246/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] getdents64(3, [pid 5832] <... openat resumed>) = 4 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] newfstatat(4, "", [pid 5830] umount2("./251/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 5833] newfstatat(AT_FDCWD, "./252/file1", [pid 5832] <... close resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] rmdir("./246/file1" [pid 8745] <... set_robust_list resumed>) = 0 [pid 8744] <... write resumed>) = 131072 [pid 5833] umount2("./252/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./246/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] openat(AT_FDCWD, "./252/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./246/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./246/binderfs") = 0 [pid 5833] <... openat resumed>) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5833] getdents64(4, [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] close(3 [pid 5833] getdents64(4, [pid 5832] <... close resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] rmdir("./246" [pid 8745] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] close(4 [pid 5832] <... rmdir resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./252/file1") = 0 [pid 5832] mkdir("./247", 0777 [pid 8745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8744] munmap(0x7f3002800000, 138412032 [pid 5833] umount2("./252/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... mkdir resumed>) = 0 [pid 8745] memfd_create("syzkaller", 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8744] <... munmap resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./252/binderfs", [pid 8745] <... memfd_create resumed>) = 3 [pid 8744] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8744] <... openat resumed>) = 4 [pid 5833] unlink("./252/binderfs" [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8745] <... mmap resumed>) = 0x7f3002800000 [pid 8744] ioctl(4, LOOP_SET_FD, 3 [pid 5833] <... unlink resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./252") = 0 [pid 5830] umount2("./251/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] mkdir("./253", 0777 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... mkdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./251/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./251/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./251/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... openat resumed>) = 4 [pid 5833] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] newfstatat(4, "", [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5832] <... ioctl resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 5832] close(3 [pid 5830] getdents64(4, [pid 5833] close(3 [pid 5832] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8745] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8744] <... ioctl resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5830] getdents64(4, [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8745] <... write resumed>) = 131072 [pid 8744] close(3 [pid 5830] close(4) = 0 ./strace-static-x86_64: Process 8746 attached [pid 8745] munmap(0x7f3002800000, 138412032 [pid 8744] <... close resumed>) = 0 [pid 5830] rmdir("./251/file1" [pid 8745] <... munmap resumed>) = 0 [pid 8744] close(4 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8746 [pid 8745] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8744] <... close resumed>) = 0 [pid 8744] mkdir("./file1", 0777) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... rmdir resumed>) = 0 [pid 8745] <... openat resumed>) = 4 [pid 8744] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8745] ioctl(4, LOOP_SET_FD, 3 [pid 5830] umount2("./251/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8747 attached [pid 8746] set_robust_list(0x55556b85b6a0, 24 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8746] <... set_robust_list resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./251/binderfs", [pid 8746] chdir("./253" [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8746] <... chdir resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8747 [pid 5830] unlink("./251/binderfs" [pid 8746] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... unlink resumed>) = 0 [pid 8746] <... prctl resumed>) = 0 [pid 5830] getdents64(3, [pid 8746] setpgid(0, 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8746] <... setpgid resumed>) = 0 [pid 5830] close(3 [pid 8746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... close resumed>) = 0 [pid 8746] <... openat resumed>) = 3 [pid 5830] rmdir("./251" [pid 8747] set_robust_list(0x55556b85b6a0, 24 [pid 8746] write(3, "1000", 4 [pid 5830] <... rmdir resumed>) = 0 [pid 8747] <... set_robust_list resumed>) = 0 [pid 8747] chdir("./247" [pid 8746] <... write resumed>) = 4 [pid 8746] close(3) = 0 [pid 8746] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8746] write(1, "executing program\n", 18 [pid 5830] mkdir("./252", 0777 [pid 8747] <... chdir resumed>) = 0 [pid 8746] <... write resumed>) = 18 [pid 5830] <... mkdir resumed>) = 0 [pid 8746] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8747] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8746] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8747] <... prctl resumed>) = 0 [pid 8746] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8746] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8747] setpgid(0, 0 [pid 8746] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8747] <... setpgid resumed>) = 0 [ 224.001499][ T8744] loop4: detected capacity change from 0 to 256 [ 224.036947][ T8745] loop1: detected capacity change from 0 to 256 [pid 8746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8746] <... mmap resumed>) = 0x7f300ac28000 [pid 8746] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5830] <... ioctl resumed>) = 0 [pid 8746] <... mprotect resumed>) = 0 [pid 5830] close(3 [pid 8746] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] <... close resumed>) = 0 [pid 8747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8746] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8747] <... openat resumed>) = 3 [pid 8746] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8748 attached [pid 8747] write(3, "1000", 4 [pid 8745] <... ioctl resumed>) = 0 [pid 8747] <... write resumed>) = 4 [pid 8745] close(3 [pid 8747] close(3 [pid 8745] <... close resumed>) = 0 [pid 8747] <... close resumed>) = 0 [pid 8745] close(4 [pid 8747] symlink("/dev/binderfs", "./binderfs" [pid 8745] <... close resumed>) = 0 ./strace-static-x86_64: Process 8749 attached [pid 8748] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8747] <... symlink resumed>) = 0 [pid 8746] <... clone3 resumed> => {parent_tid=[8748]}, 88) = 8748 [pid 8745] mkdir("./file1", 0777 [pid 8747] write(1, "executing program\n", 18executing program [pid 8748] <... rseq resumed>) = 0 [pid 8746] rt_sigprocmask(SIG_SETMASK, [], [pid 8748] set_robust_list(0x7f300ac489a0, 24 [pid 8746] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8748] <... set_robust_list resumed>) = 0 [pid 8747] <... write resumed>) = 18 [pid 8746] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8745] <... mkdir resumed>) = 0 [pid 8748] rt_sigprocmask(SIG_SETMASK, [], [pid 8747] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8746] <... futex resumed>) = 0 [pid 8749] set_robust_list(0x55556b85b6a0, 24 [pid 8748] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8747] <... futex resumed>) = 0 [pid 8746] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8745] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8749] <... set_robust_list resumed>) = 0 [pid 8748] memfd_create("syzkaller", 0 [pid 8747] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8749 [pid 8749] chdir("./252" [pid 8748] <... memfd_create resumed>) = 3 [pid 8747] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8749] <... chdir resumed>) = 0 [pid 8748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8747] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8749] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8748] <... mmap resumed>) = 0x7f3002800000 [pid 8747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8749] <... prctl resumed>) = 0 [ 224.052302][ T8744] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8749] setpgid(0, 0 [pid 8748] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8744] <... mount resumed>) = 0 [pid 8749] <... setpgid resumed>) = 0 [pid 8749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8749] write(3, "1000", 4 [pid 8748] <... write resumed>) = 131072 [pid 8749] <... write resumed>) = 4 [pid 8749] close(3) = 0 [pid 8749] symlink("/dev/binderfs", "./binderfs" [pid 8748] munmap(0x7f3002800000, 138412032 [pid 8749] <... symlink resumed>) = 0 [pid 8748] <... munmap resumed>) = 0 executing program [pid 8749] write(1, "executing program\n", 18) = 18 [pid 8749] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8748] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8749] <... futex resumed>) = 0 [pid 8748] <... openat resumed>) = 4 [pid 8749] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8748] ioctl(4, LOOP_SET_FD, 3 [pid 8749] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8747] <... mmap resumed>) = 0x7f300ac28000 [pid 8744] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8747] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8744] <... openat resumed>) = 3 [pid 8747] <... mprotect resumed>) = 0 [pid 8749] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8747] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8749] <... mmap resumed>) = 0x7f300ac28000 [pid 8747] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8744] chdir("./file1" [pid 8749] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8749] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8744] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 8750 attached [pid 8749] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8744] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8749] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8747] <... clone3 resumed> => {parent_tid=[8750]}, 88) = 8750 [pid 8744] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 8751 attached [pid 8750] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8747] rt_sigprocmask(SIG_SETMASK, [], [pid 8744] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8750] <... rseq resumed>) = 0 [pid 8749] <... clone3 resumed> => {parent_tid=[8751]}, 88) = 8751 [pid 8747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8744] <... futex resumed>) = 1 [pid 8742] <... futex resumed>) = 0 [pid 8750] set_robust_list(0x7f300ac489a0, 24 [pid 8749] rt_sigprocmask(SIG_SETMASK, [], [pid 8747] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8744] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8742] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8751] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8750] <... set_robust_list resumed>) = 0 [pid 8749] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8747] <... futex resumed>) = 0 [pid 8742] <... futex resumed>) = 0 [pid 8751] <... rseq resumed>) = 0 [pid 8750] rt_sigprocmask(SIG_SETMASK, [], [pid 8749] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8747] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8744] <... openat resumed>) = 4 [pid 8742] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8751] set_robust_list(0x7f300ac489a0, 24 [pid 8750] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8749] <... futex resumed>) = 0 [pid 8751] <... set_robust_list resumed>) = 0 [pid 8749] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8751] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8750] memfd_create("syzkaller", 0 [pid 8744] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8751] memfd_create("syzkaller", 0 [pid 8748] <... ioctl resumed>) = 0 [pid 8744] <... futex resumed>) = 1 [pid 8742] <... futex resumed>) = 0 [ 224.097806][ T8745] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 224.109306][ T8748] loop3: detected capacity change from 0 to 256 [pid 8751] <... memfd_create resumed>) = 3 [pid 8750] <... memfd_create resumed>) = 3 [pid 8748] close(3 [pid 8745] <... mount resumed>) = 0 [pid 8744] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8742] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8745] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8742] <... futex resumed>) = 0 [pid 8750] <... mmap resumed>) = 0x7f3002800000 [pid 8744] mkdir("./file2", 0777 [pid 8742] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8745] <... openat resumed>) = 3 [pid 8751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8751] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 8748] <... close resumed>) = 0 [pid 8751] munmap(0x7f3002800000, 138412032 [pid 8748] close(4 [pid 8751] <... munmap resumed>) = 0 [pid 8748] <... close resumed>) = 0 [pid 8751] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8748] mkdir("./file1", 0777 [pid 8751] <... openat resumed>) = 4 [pid 8748] <... mkdir resumed>) = 0 [pid 8745] chdir("./file1" [pid 8751] ioctl(4, LOOP_SET_FD, 3 [pid 8748] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8750] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8745] <... chdir resumed>) = 0 [pid 8745] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8751] <... ioctl resumed>) = 0 [pid 8750] <... write resumed>) = 131072 [pid 8745] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8744] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8751] close(3 [pid 8750] munmap(0x7f3002800000, 138412032 [pid 8745] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8744] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8745] <... futex resumed>) = 1 [pid 8745] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8743] <... futex resumed>) = 0 [pid 8742] <... futex resumed>) = ? [pid 8751] <... close resumed>) = 0 [pid 8750] <... munmap resumed>) = 0 [pid 8744] +++ killed by SIGSEGV +++ [pid 8743] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8750] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8745] <... futex resumed>) = 0 [pid 8751] close(4 [pid 8743] <... futex resumed>) = 1 [pid 8751] <... close resumed>) = 0 [pid 8745] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8743] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8742] +++ killed by SIGSEGV +++ [pid 8751] mkdir("./file1", 0777 [pid 8750] <... openat resumed>) = 4 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8742, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5834] umount2("./252", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8751] <... mkdir resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 8751] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8750] ioctl(4, LOOP_SET_FD, 3 [pid 5834] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8745] <... openat resumed>) = 4 [ 224.147417][ T8744] exFAT-fs (loop4): error, data size is invalid(9000) [ 224.158528][ T8751] loop0: detected capacity change from 0 to 256 [ 224.164315][ T8744] exFAT-fs (loop4): Filesystem has been set read-only [pid 5834] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8745] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] umount2("./252/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8745] <... futex resumed>) = 1 [pid 8743] <... futex resumed>) = 0 [pid 8743] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8745] mkdir("./file2", 0777 [pid 8743] <... futex resumed>) = 0 [pid 8750] <... ioctl resumed>) = 0 [pid 8745] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8743] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... umount2 resumed>) = 0 [pid 8750] close(3 [pid 8745] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] umount2("./252/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8750] <... close resumed>) = 0 [pid 8750] close(4 [pid 8743] <... futex resumed>) = ? [pid 8750] <... close resumed>) = 0 [pid 8745] +++ killed by SIGSEGV +++ [pid 8743] +++ killed by SIGSEGV +++ [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8750] mkdir("./file1", 0777) = 0 [pid 5834] newfstatat(AT_FDCWD, "./252/file1", [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8743, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8750] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./252/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./255", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] openat(AT_FDCWD, "./252/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(4, "", [pid 5831] openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5834] getdents64(4, [pid 5831] newfstatat(3, "", [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 224.187644][ T8750] loop2: detected capacity change from 0 to 256 [ 224.199839][ T8745] exFAT-fs (loop1): error, data size is invalid(9000) [ 224.206641][ T8745] exFAT-fs (loop1): Filesystem has been set read-only [ 224.224093][ T8751] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] close(4 [pid 5831] umount2("./255/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... close resumed>) = 0 [pid 5834] rmdir("./252/file1" [pid 8751] <... mount resumed>) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./255/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8751] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./255/file1", [pid 8751] <... openat resumed>) = 3 [pid 5834] umount2("./252/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8751] chdir("./file1" [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./255/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] newfstatat(AT_FDCWD, "./252/binderfs", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8751] <... chdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./255/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8751] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... openat resumed>) = 4 [pid 8751] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] unlink("./252/binderfs" [pid 5831] newfstatat(4, "", [pid 8751] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8749] <... futex resumed>) = 0 [pid 5834] <... unlink resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8751] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8749] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] getdents64(3, [pid 5831] getdents64(4, [pid 8749] <... futex resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 5834] close(3 [pid 8749] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5834] rmdir("./252" [pid 5831] rmdir("./255/file1" [pid 8748] <... mount resumed>) = 0 [pid 8748] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8748] chdir("./file1") = 0 [pid 8748] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8748] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8748] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8746] <... futex resumed>) = 0 [pid 8746] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... rmdir resumed>) = 0 [pid 8746] <... futex resumed>) = 1 [pid 8748] <... futex resumed>) = 0 [pid 8748] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5834] <... rmdir resumed>) = 0 [pid 5831] umount2("./255/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [ 224.247087][ T8748] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 224.275412][ T8750] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8746] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./255/binderfs") = 0 [pid 5831] getdents64(3, [pid 5834] mkdir("./253", 0777 [pid 8751] <... openat resumed>) = 4 [pid 8748] <... openat resumed>) = 4 [pid 8748] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8746] <... futex resumed>) = 0 [pid 8746] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] <... mkdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8746] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8748] mkdir("./file2", 0777 [pid 8751] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... openat resumed>) = 3 [pid 5831] close(3 [pid 8751] <... futex resumed>) = 1 [pid 8749] <... futex resumed>) = 0 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5831] <... close resumed>) = 0 [pid 8748] <... mkdir resumed>) = -1 EIO (Input/output error) [ 224.302957][ T8748] exFAT-fs (loop3): error, data size is invalid(9000) [ 224.339156][ T8748] exFAT-fs (loop3): Filesystem has been set read-only [pid 8751] mkdir("./file2", 0777 [pid 8750] <... mount resumed>) = 0 [pid 8749] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... ioctl resumed>) = 0 [pid 5831] rmdir("./255" [pid 8746] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8746] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8746] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8746] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8746] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} => {parent_tid=[8752]}, 88) = 8752 [pid 8746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8746] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8746] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8752 attached [pid 5831] <... rmdir resumed>) = 0 [pid 5831] mkdir("./256", 0777 [pid 5834] close(3 [pid 8752] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053) = 0 [pid 8752] set_robust_list(0x7f300ac279a0, 24) = 0 [pid 8752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8752] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5831] <... mkdir resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 8749] <... futex resumed>) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8748] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] <... openat resumed>) = 3 [pid 8749] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8752] <... ioctl resumed>) = ? [pid 8750] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8746] <... futex resumed>) = ? [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8753 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8752] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 8753 attached [pid 8750] <... openat resumed>) = 3 [pid 8748] +++ killed by SIGSEGV +++ [pid 8746] +++ killed by SIGSEGV +++ [pid 5831] <... ioctl resumed>) = 0 [pid 8750] chdir("./file1" [pid 5831] close(3 [pid 8750] <... chdir resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8746, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] <... close resumed>) = 0 [pid 8751] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8750] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8753] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8750] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8753] chdir("./253") = 0 [pid 8753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8753] setpgid(0, 0) = 0 [pid 8753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8750] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8754 ./strace-static-x86_64: Process 8754 attached [pid 8754] set_robust_list(0x55556b85b6a0, 24 [pid 8750] <... futex resumed>) = 1 [pid 8747] <... futex resumed>) = 0 [pid 8747] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8754] <... set_robust_list resumed>) = 0 [pid 8750] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8747] <... futex resumed>) = 0 [pid 8753] <... openat resumed>) = 3 [pid 8747] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 224.349011][ T8751] exFAT-fs (loop0): error, data size is invalid(9000) [ 224.355846][ T8751] exFAT-fs (loop0): Filesystem has been set read-only [pid 8754] chdir("./256" [pid 8753] write(3, "1000", 4 [pid 8751] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8750] <... openat resumed>) = 4 [pid 5833] umount2("./253", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8753] <... write resumed>) = 4 [pid 8750] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8754] <... chdir resumed>) = 0 [pid 8750] <... futex resumed>) = 1 [pid 8747] <... futex resumed>) = 0 executing program [pid 5833] openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8754] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8750] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8749] <... futex resumed>) = ? [pid 8747] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] <... openat resumed>) = 3 [pid 8747] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8753] close(3) = 0 [pid 8753] symlink("/dev/binderfs", "./binderfs" [pid 8750] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] newfstatat(3, "", [pid 8754] <... prctl resumed>) = 0 [pid 8753] <... symlink resumed>) = 0 [pid 8750] mkdir("./file2", 0777 [pid 8754] setpgid(0, 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8753] write(1, "executing program\n", 18 [pid 8754] <... setpgid resumed>) = 0 [pid 5833] getdents64(3, [pid 8753] <... write resumed>) = 18 [pid 8753] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8753] <... futex resumed>) = 0 [pid 8753] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] umount2("./253/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8754] <... openat resumed>) = 3 [pid 8753] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8751] +++ killed by SIGSEGV +++ [pid 8749] +++ killed by SIGSEGV +++ [pid 8753] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8753] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8753] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8753] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8755 attached => {parent_tid=[8755]}, 88) = 8755 [pid 8753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8753] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8753] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8755] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8755] set_robust_list(0x7f300ac489a0, 24 [pid 8754] write(3, "1000", 4 [pid 8755] <... set_robust_list resumed>) = 0 [pid 8754] <... write resumed>) = 4 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8749, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8755] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8754] close(3 [pid 8755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8754] <... close resumed>) = 0 [pid 8750] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5830] <... restart_syscall resumed>) = 0 [pid 8755] memfd_create("syzkaller", 0 [pid 8754] symlink("/dev/binderfs", "./binderfs" [pid 8755] <... memfd_create resumed>) = 3 [pid 8754] <... symlink resumed>) = 0 [pid 8750] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5833] <... umount2 resumed>) = 0 [pid 8755] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8754] write(1, "executing program\n", 18executing program [pid 5833] umount2("./253/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8755] <... mmap resumed>) = 0x7f3002800000 [pid 8754] <... write resumed>) = 18 [pid 8750] +++ killed by SIGSEGV +++ [pid 8747] <... futex resumed>) = ? [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./252", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8755] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8754] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(AT_FDCWD, "./253/file1", [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8754] <... futex resumed>) = 0 [pid 8747] +++ killed by SIGSEGV +++ [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8755] <... write resumed>) = 131072 [pid 8754] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] umount2("./253/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8747, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5830] <... openat resumed>) = 3 [pid 8755] munmap(0x7f3002800000, 138412032 [pid 8754] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5830] newfstatat(3, "", [pid 8755] <... munmap resumed>) = 0 [pid 8754] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] openat(AT_FDCWD, "./253/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 224.406623][ T8750] exFAT-fs (loop2): error, data size is invalid(9000) [ 224.417972][ T8750] exFAT-fs (loop2): Filesystem has been set read-only [pid 8755] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... openat resumed>) = 4 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5830] getdents64(3, [pid 8755] <... openat resumed>) = 4 [pid 8754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] newfstatat(4, "", [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8754] <... mmap resumed>) = 0x7f300ac28000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] umount2("./252/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8754] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] getdents64(4, [pid 5832] umount2("./247", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8755] ioctl(4, LOOP_SET_FD, 3 [pid 8754] <... mprotect resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8754] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] getdents64(4, [pid 5832] openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8754] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] <... openat resumed>) = 3 [pid 8754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] close(4 [pid 5832] newfstatat(3, "", ./strace-static-x86_64: Process 8756 attached [pid 5833] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8756] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8754] <... clone3 resumed> => {parent_tid=[8756]}, 88) = 8756 [pid 5833] rmdir("./253/file1" [pid 5832] getdents64(3, [pid 8756] <... rseq resumed>) = 0 [pid 8754] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... rmdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8756] set_robust_list(0x7f300ac489a0, 24 [pid 8754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] umount2("./253/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./247/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8756] <... set_robust_list resumed>) = 0 [pid 8754] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8756] rt_sigprocmask(SIG_SETMASK, [], [pid 8754] <... futex resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./253/binderfs", [pid 8756] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8754] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8756] memfd_create("syzkaller", 0 [pid 5833] unlink("./253/binderfs") = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(3 [pid 8756] <... memfd_create resumed>) = 3 [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./253" [pid 8756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8756] <... mmap resumed>) = 0x7f3002800000 [pid 8756] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8755] <... ioctl resumed>) = 0 [pid 5833] mkdir("./254", 0777 [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./252/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./252/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./252/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./252/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./252/file1" [pid 8755] close(3 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] umount2("./252/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./252/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./252/binderfs" [pid 5833] <... mkdir resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5830] getdents64(3, [pid 8755] <... close resumed>) = 0 [pid 8755] close(4 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8755] <... close resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5830] close(3) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8756] <... write resumed>) = 131072 [pid 5833] <... ioctl resumed>) = 0 [pid 5830] rmdir("./252" [pid 5833] close(3) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8756] munmap(0x7f3002800000, 138412032 [pid 8755] mkdir("./file1", 0777 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 8757 attached [pid 8756] <... munmap resumed>) = 0 [pid 8755] <... mkdir resumed>) = 0 [pid 5832] umount2("./247/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8755] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./247/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./247/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./247/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", [pid 5830] mkdir("./253", 0777 [pid 8756] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 224.489076][ T8755] loop4: detected capacity change from 0 to 256 [pid 5830] <... mkdir resumed>) = 0 [pid 8757] set_robust_list(0x55556b85b6a0, 24 [pid 8756] <... openat resumed>) = 4 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8757 [pid 5832] getdents64(4, [pid 8757] <... set_robust_list resumed>) = 0 [pid 8756] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8757] chdir("./254") = 0 [pid 5832] getdents64(4, [pid 8757] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8757] <... prctl resumed>) = 0 [pid 5832] close(4 [pid 8757] setpgid(0, 0 [pid 5832] <... close resumed>) = 0 [pid 8757] <... setpgid resumed>) = 0 [pid 5832] rmdir("./247/file1" [pid 8757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... rmdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8757] <... openat resumed>) = 3 [pid 5832] umount2("./247/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5832] newfstatat(AT_FDCWD, "./247/binderfs", [pid 5830] <... ioctl resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./247/binderfs" [pid 5830] close(3 [pid 5832] <... unlink resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5832] getdents64(3, [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8758 attached [pid 8757] write(3, "1000", 4 [pid 5832] close(3 [pid 8757] <... write resumed>) = 4 [pid 5832] <... close resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8758 [pid 8757] close(3 [pid 5832] rmdir("./247" [pid 8757] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 8757] symlink("/dev/binderfs", "./binderfs" [pid 5832] mkdir("./248", 0777 [pid 8757] <... symlink resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 executing program [pid 8757] write(1, "executing program\n", 18 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8757] <... write resumed>) = 18 [pid 5832] <... openat resumed>) = 3 [pid 8757] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8757] <... futex resumed>) = 0 [pid 8757] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8757] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8757] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8757] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... ioctl resumed>) = 0 [pid 8758] set_robust_list(0x55556b85b6a0, 24 [pid 8757] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] close(3 [pid 8757] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] <... close resumed>) = 0 ./strace-static-x86_64: Process 8759 attached [pid 8756] <... ioctl resumed>) = 0 [pid 8757] <... clone3 resumed> => {parent_tid=[8759]}, 88) = 8759 [pid 8757] rt_sigprocmask(SIG_SETMASK, [], [pid 8756] close(3 [pid 8759] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8757] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8756] <... close resumed>) = 0 [pid 8759] <... rseq resumed>) = 0 [pid 8757] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8756] close(4 [pid 8759] set_robust_list(0x7f300ac489a0, 24 [pid 8757] <... futex resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8760 attached [pid 8759] <... set_robust_list resumed>) = 0 [pid 8757] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8756] <... close resumed>) = 0 [pid 8759] rt_sigprocmask(SIG_SETMASK, [], [pid 8756] mkdir("./file1", 0777 [pid 8759] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8756] <... mkdir resumed>) = 0 [pid 8759] memfd_create("syzkaller", 0 [pid 8758] <... set_robust_list resumed>) = 0 [pid 8759] <... memfd_create resumed>) = 3 [pid 8756] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8760] set_robust_list(0x55556b85b6a0, 24 [pid 8758] chdir("./253" [pid 8760] <... set_robust_list resumed>) = 0 [pid 8759] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8760] chdir("./248" [pid 8759] <... mmap resumed>) = 0x7f3002800000 [pid 8760] <... chdir resumed>) = 0 [pid 8758] <... chdir resumed>) = 0 [pid 8758] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8760] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8760 [pid 8760] <... prctl resumed>) = 0 [pid 8760] setpgid(0, 0) = 0 [pid 8760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8760] write(3, "1000", 4) = 4 [pid 8759] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8760] close(3) = 0 [pid 8760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8759] <... write resumed>) = 131072 [pid 8758] <... prctl resumed>) = 0 executing program [pid 8758] setpgid(0, 0) = 0 [pid 8760] write(1, "executing program\n", 18) = 18 [pid 8760] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8760] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8760] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8760] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8759] munmap(0x7f3002800000, 138412032) = 0 [pid 8758] <... openat resumed>) = 3 [pid 8760] <... mmap resumed>) = 0x7f300ac28000 [pid 8758] write(3, "1000", 4 [ 224.531776][ T8756] loop1: detected capacity change from 0 to 256 [ 224.567120][ T8755] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8760] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8759] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8758] <... write resumed>) = 4 [pid 8760] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8758] close(3 [pid 8759] <... openat resumed>) = 4 [pid 8759] ioctl(4, LOOP_SET_FD, 3 [pid 8760] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8759] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8759] ioctl(4, LOOP_CLR_FD [pid 8758] <... close resumed>) = 0 ./strace-static-x86_64: Process 8761 attached [pid 8759] <... ioctl resumed>) = 0 [pid 8758] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8758] write(1, "executing program\n", 18 [pid 8761] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8760] <... clone3 resumed> => {parent_tid=[8761]}, 88) = 8761 [pid 8761] <... rseq resumed>) = 0 [pid 8760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8761] set_robust_list(0x7f300ac489a0, 24 [pid 8760] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8761] <... set_robust_list resumed>) = 0 [pid 8760] <... futex resumed>) = 0 [pid 8761] rt_sigprocmask(SIG_SETMASK, [], [pid 8760] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8759] ioctl(4, LOOP_SET_FD, 3 [pid 8761] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8759] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8761] memfd_create("syzkaller", 0 [pid 8759] close(4 [pid 8761] <... memfd_create resumed>) = 3 [pid 8759] <... close resumed>) = 0 [pid 8761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8759] close(3executing program [pid 8761] <... mmap resumed>) = 0x7f3002800000 [pid 8759] <... close resumed>) = 0 [pid 8761] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8759] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8758] <... write resumed>) = 18 [pid 8759] <... futex resumed>) = 1 [pid 8757] <... futex resumed>) = 0 [pid 8757] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8759] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8757] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8759] <... openat resumed>) = 3 [pid 8761] <... write resumed>) = 131072 [pid 8759] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8757] <... futex resumed>) = 0 [pid 8757] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8757] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8759] mkdir("./file2", 0777 [pid 8758] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8759] <... mkdir resumed>) = 0 [pid 8758] <... futex resumed>) = 0 [pid 8758] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8761] munmap(0x7f3002800000, 138412032) = 0 [pid 8759] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8757] <... futex resumed>) = ? [pid 8761] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8759] +++ killed by SIGSEGV +++ [pid 8757] +++ killed by SIGSEGV +++ [pid 8761] <... openat resumed>) = 4 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8757, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=0} --- [pid 8761] ioctl(4, LOOP_SET_FD, 3 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8758] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8755] <... mount resumed>) = 0 [pid 5833] <... restart_syscall resumed>) = 0 [pid 8758] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8755] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8758] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8755] <... openat resumed>) = 3 [pid 8758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8755] chdir("./file1" [pid 8758] <... mmap resumed>) = 0x7f300ac28000 [pid 8755] <... chdir resumed>) = 0 [pid 8758] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8755] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] umount2("./254", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 5 entries */, 32768) = 144 [pid 5833] umount2("./254/devices.list", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./254/devices.list", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./254/devices.list" [pid 8755] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8758] <... mprotect resumed>) = 0 [pid 8755] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... unlink resumed>) = 0 [pid 8755] <... futex resumed>) = 1 [pid 5833] umount2("./254/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8758] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8755] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8753] <... futex resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./254/binderfs" [pid 8758] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8753] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... unlink resumed>) = 0 [pid 8761] <... ioctl resumed>) = 0 [pid 5833] umount2("./254/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8761] close(3 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8761] <... close resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./254/file2", [pid 8761] close(4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./254/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./254/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8753] <... futex resumed>) = 1 [pid 8755] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8761] <... close resumed>) = 0 [pid 8758] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8755] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8753] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] getdents64(4, [pid 8761] mkdir("./file1", 0777) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8761] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8758] <... clone3 resumed> => {parent_tid=[8762]}, 88) = 8762 [pid 8755] <... openat resumed>) = 4 [pid 5833] close(4./strace-static-x86_64: Process 8762 attached [pid 8758] rt_sigprocmask(SIG_SETMASK, [], [pid 8755] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./254/file2") = 0 [ 224.660891][ T8761] loop2: detected capacity change from 0 to 256 [ 224.669798][ T8756] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8758] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8755] <... futex resumed>) = 1 [pid 8753] <... futex resumed>) = 0 [pid 5833] getdents64(3, [pid 8758] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8755] mkdir("./file2", 0777 [pid 8753] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8753] <... futex resumed>) = 0 [pid 5833] close(3) = 0 [pid 8762] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8758] <... futex resumed>) = 0 [pid 8756] <... mount resumed>) = 0 [pid 8753] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] rmdir("./254" [pid 8762] <... rseq resumed>) = 0 [pid 8758] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8756] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... rmdir resumed>) = 0 [pid 8762] set_robust_list(0x7f300ac489a0, 24 [pid 8756] <... openat resumed>) = 3 [pid 5833] mkdir("./255", 0777 [pid 8762] <... set_robust_list resumed>) = 0 [pid 8756] chdir("./file1" [pid 5833] <... mkdir resumed>) = 0 [pid 8762] rt_sigprocmask(SIG_SETMASK, [], [pid 8756] <... chdir resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8762] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8756] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... openat resumed>) = 3 [pid 8756] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8756] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8756] <... futex resumed>) = 1 [pid 8754] <... futex resumed>) = 0 [pid 8756] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8754] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8754] <... futex resumed>) = 0 [pid 5833] close(3 [pid 8762] memfd_create("syzkaller", 0 [pid 8754] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... close resumed>) = 0 [pid 8762] <... memfd_create resumed>) = 3 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8763 attached [pid 8762] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8755] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8762] <... mmap resumed>) = 0x7f3002800000 [pid 8755] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8756] <... openat resumed>) = 4 [pid 8763] set_robust_list(0x55556b85b6a0, 24 [pid 8762] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8753] <... futex resumed>) = ? [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8763 [pid 8756] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8755] +++ killed by SIGSEGV +++ [pid 8754] <... futex resumed>) = 0 [pid 8753] +++ killed by SIGSEGV +++ [pid 8754] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8753, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 224.722560][ T8755] exFAT-fs (loop4): error, data size is invalid(9000) [ 224.740088][ T8755] exFAT-fs (loop4): Filesystem has been set read-only [pid 8756] mkdir("./file2", 0777 [pid 8754] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] umount2("./253", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8763] <... set_robust_list resumed>) = 0 [pid 8762] <... write resumed>) = 131072 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8763] chdir("./255") = 0 [pid 8763] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8763] <... prctl resumed>) = 0 [pid 8763] setpgid(0, 0 [pid 5834] <... openat resumed>) = 3 [pid 8763] <... setpgid resumed>) = 0 [pid 8763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] newfstatat(3, "", [pid 8763] <... openat resumed>) = 3 [pid 8763] write(3, "1000", 4 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8763] <... write resumed>) = 4 [pid 8763] close(3 [pid 8762] munmap(0x7f3002800000, 138412032 [pid 5834] getdents64(3, [pid 8763] <... close resumed>) = 0 [pid 8763] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] umount2("./253/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8763] <... symlink resumed>) = 0 executing program [pid 8763] write(1, "executing program\n", 18 [pid 8762] <... munmap resumed>) = 0 [pid 8763] <... write resumed>) = 18 [pid 8763] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8762] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8763] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8762] <... openat resumed>) = 4 [pid 8763] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8762] ioctl(4, LOOP_SET_FD, 3 [pid 8763] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8756] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8754] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... umount2 resumed>) = 0 [pid 8763] <... mmap resumed>) = 0x7f300ac28000 [pid 8756] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8754] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] umount2("./253/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8763] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8754] <... futex resumed>) = 0 [pid 8754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./253/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 224.764894][ T8756] exFAT-fs (loop1): error, data size is invalid(9000) [ 224.788174][ T8756] exFAT-fs (loop1): Filesystem has been set read-only [ 224.804661][ T8762] loop0: detected capacity change from 0 to 256 [pid 8763] <... mprotect resumed>) = 0 [pid 8762] <... ioctl resumed>) = 0 [pid 5834] umount2("./253/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8763] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8762] close(3 [pid 8756] +++ killed by SIGSEGV +++ [pid 8754] +++ killed by SIGSEGV +++ [pid 8763] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./253/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8754, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5834] <... openat resumed>) = 4 [pid 5831] umount2("./256", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5834] newfstatat(4, "", [pid 5831] newfstatat(3, "", [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(4, [pid 8763] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5831] getdents64(3, [pid 8762] <... close resumed>) = 0 ./strace-static-x86_64: Process 8764 attached [pid 8762] close(4 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8764] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8763] <... clone3 resumed> => {parent_tid=[8764]}, 88) = 8764 [pid 8762] <... close resumed>) = 0 [pid 8763] rt_sigprocmask(SIG_SETMASK, [], [pid 8762] mkdir("./file1", 0777 [pid 8763] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8763] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8762] <... mkdir resumed>) = 0 [pid 5834] getdents64(4, [pid 5831] umount2("./256/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8763] <... futex resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4) = 0 [pid 5834] rmdir("./253/file1" [pid 8764] <... rseq resumed>) = 0 [pid 8763] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8762] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5834] <... rmdir resumed>) = 0 [pid 8764] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 5834] umount2("./253/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = 0 [pid 8764] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./253/binderfs", [pid 5831] umount2("./256/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] unlink("./253/binderfs" [pid 5831] newfstatat(AT_FDCWD, "./256/file1", [pid 8764] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8764] memfd_create("syzkaller", 0 [pid 5831] umount2("./256/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8764] <... memfd_create resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] openat(AT_FDCWD, "./256/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 224.833652][ T8761] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8764] <... mmap resumed>) = 0x7f3002800000 [pid 5831] newfstatat(4, "", [pid 8764] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] <... unlink resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(3, [pid 5831] getdents64(4, [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] close(3 [pid 5831] getdents64(4, [pid 5834] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] rmdir("./253" [pid 5831] close(4 [pid 5834] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8761] <... mount resumed>) = 0 [pid 5834] mkdir("./254", 0777 [pid 5831] rmdir("./256/file1" [pid 5834] <... mkdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5831] umount2("./256/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./256/binderfs", [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5831] unlink("./256/binderfs" [pid 8761] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5831] <... unlink resumed>) = 0 [pid 8761] <... openat resumed>) = 3 [pid 5834] <... ioctl resumed>) = 0 [pid 5831] getdents64(3, [pid 8761] chdir("./file1" [pid 5834] close(3 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8761] <... chdir resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5831] close(3 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... close resumed>) = 0 ./strace-static-x86_64: Process 8765 attached [pid 5831] rmdir("./256" [pid 8761] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... rmdir resumed>) = 0 [pid 8764] <... write resumed>) = 131072 [pid 8761] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8765] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8761] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] mkdir("./257", 0777 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8765 [pid 8764] munmap(0x7f3002800000, 138412032 [pid 5831] <... mkdir resumed>) = 0 [pid 8761] <... futex resumed>) = 1 [pid 8764] <... munmap resumed>) = 0 [pid 8760] <... futex resumed>) = 0 [pid 8760] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8760] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8761] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8765] chdir("./254" [ 224.895875][ T8762] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8765] <... chdir resumed>) = 0 [pid 8761] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... openat resumed>) = 3 [pid 8761] <... futex resumed>) = 1 [pid 8760] <... futex resumed>) = 0 [pid 8761] mkdir("./file2", 0777 [pid 8760] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8764] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8760] <... futex resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8765] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8764] <... openat resumed>) = 4 [pid 8760] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... ioctl resumed>) = 0 [pid 8765] <... prctl resumed>) = 0 [pid 8764] ioctl(4, LOOP_SET_FD, 3 [pid 8762] <... mount resumed>) = 0 [pid 5831] close(3) = 0 [pid 8762] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8765] setpgid(0, 0 [pid 8762] <... openat resumed>) = 3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8765] <... setpgid resumed>) = 0 [pid 8762] chdir("./file1" [pid 8765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8765] write(3, "1000", 4) = 4 [pid 8765] close(3./strace-static-x86_64: Process 8766 attached ) = 0 [pid 8762] <... chdir resumed>) = 0 [pid 8764] <... ioctl resumed>) = 0 [pid 8765] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8766 [pid 8765] <... symlink resumed>) = 0 [pid 8766] set_robust_list(0x55556b85b6a0, 24 [pid 8764] close(3 [pid 8762] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8766] <... set_robust_list resumed>) = 0 [pid 8764] <... close resumed>) = 0 executing program [pid 8766] chdir("./257" [pid 8765] write(1, "executing program\n", 18 [pid 8764] close(4 [pid 8762] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8765] <... write resumed>) = 18 [pid 8765] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8765] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8765] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8764] <... close resumed>) = 0 [pid 8765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8766] <... chdir resumed>) = 0 [pid 8765] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8764] mkdir("./file1", 0777 [pid 8762] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8761] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8766] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8764] <... mkdir resumed>) = 0 [pid 8762] <... futex resumed>) = 1 [pid 8758] <... futex resumed>) = 0 [pid 8766] <... prctl resumed>) = 0 [pid 8764] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8762] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8761] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8758] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8766] setpgid(0, 0 [pid 8765] <... mprotect resumed>) = 0 [pid 8762] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8758] <... futex resumed>) = 0 [pid 8766] <... setpgid resumed>) = 0 [ 224.936880][ T8761] exFAT-fs (loop2): error, data size is invalid(9000) [ 224.953878][ T8764] loop3: detected capacity change from 0 to 256 [ 224.966875][ T8761] exFAT-fs (loop2): Filesystem has been set read-only [pid 8762] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8758] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8765] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8762] <... openat resumed>) = 4 [pid 8760] <... futex resumed>) = 4 [pid 8766] <... openat resumed>) = 3 [pid 8765] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8762] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8765] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8767 attached [pid 8766] write(3, "1000", 4 [pid 8762] <... futex resumed>) = 1 [pid 8758] <... futex resumed>) = 0 [pid 8767] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8766] <... write resumed>) = 4 [pid 8762] mkdir("./file2", 0777 [pid 8758] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8767] <... rseq resumed>) = 0 [pid 8766] close(3 [pid 8765] <... clone3 resumed> => {parent_tid=[8767]}, 88) = 8767 [pid 8761] +++ killed by SIGSEGV +++ [pid 8760] +++ killed by SIGSEGV +++ [pid 8758] <... futex resumed>) = 0 [pid 8767] set_robust_list(0x7f300ac489a0, 24executing program ) = 0 [pid 8766] <... close resumed>) = 0 [pid 8765] rt_sigprocmask(SIG_SETMASK, [], [pid 8758] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8760, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8766] symlink("/dev/binderfs", "./binderfs" [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8767] rt_sigprocmask(SIG_SETMASK, [], [pid 8766] <... symlink resumed>) = 0 [pid 8766] write(1, "executing program\n", 18) = 18 [pid 8766] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8766] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8766] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] <... restart_syscall resumed>) = 0 [pid 8767] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8766] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8766] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8768]}, 88) = 8768 [pid 8767] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] umount2("./248", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8768 attached [pid 8766] rt_sigprocmask(SIG_SETMASK, [], [pid 8765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8766] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8766] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8766] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8768] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8768] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8765] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8768] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5832] <... openat resumed>) = 3 [pid 8765] <... futex resumed>) = 1 [pid 8767] <... futex resumed>) = 0 [pid 8768] memfd_create("syzkaller", 0) = 3 [pid 8768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8767] memfd_create("syzkaller", 0 [pid 5832] newfstatat(3, "", [pid 8768] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8767] <... memfd_create resumed>) = 3 [pid 8765] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8764] <... mount resumed>) = 0 [pid 5832] getdents64(3, [pid 8764] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8768] <... write resumed>) = 131072 [pid 8767] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8764] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8764] chdir("./file1") = 0 [pid 8764] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8768] munmap(0x7f3002800000, 138412032 [pid 8764] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8768] <... munmap resumed>) = 0 [pid 8764] <... futex resumed>) = 1 [pid 8763] <... futex resumed>) = 0 [pid 5832] umount2("./248/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8763] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8763] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8764] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8762] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8768] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8762] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8758] <... futex resumed>) = ? [pid 8764] <... openat resumed>) = 4 [pid 5832] <... umount2 resumed>) = 0 [pid 8764] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./248/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8763] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8763] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] newfstatat(AT_FDCWD, "./248/file1", [pid 8763] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8764] <... futex resumed>) = 1 [pid 8768] <... openat resumed>) = 4 [pid 8764] mkdir("./file2", 0777 [pid 8762] +++ killed by SIGSEGV +++ [pid 8758] +++ killed by SIGSEGV +++ [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 225.003006][ T8764] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 225.024126][ T8762] exFAT-fs (loop0): error, data size is invalid(9000) [ 225.043480][ T8762] exFAT-fs (loop0): Filesystem has been set read-only [pid 8768] ioctl(4, LOOP_SET_FD, 3 [pid 8767] <... write resumed>) = 131072 [pid 5832] umount2("./248/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8758, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8767] munmap(0x7f3002800000, 138412032 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5832] openat(AT_FDCWD, "./248/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... restart_syscall resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", [pid 8767] <... munmap resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] umount2("./253", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8768] <... ioctl resumed>) = 0 [pid 5832] getdents64(4, [pid 5830] <... openat resumed>) = 3 [pid 8768] close(3) = 0 [pid 8768] close(4) = 0 [pid 8767] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] newfstatat(3, "", [pid 8768] mkdir("./file1", 0777 [pid 5832] getdents64(4, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8768] <... mkdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(3, [pid 5832] close(4 [pid 8768] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8767] <... openat resumed>) = 4 [pid 8763] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8767] ioctl(4, LOOP_SET_FD, 3 [pid 8763] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] rmdir("./248/file1" [pid 5830] umount2("./253/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8763] <... futex resumed>) = 0 [pid 8763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8763] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 8763] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8763] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [ 225.076663][ T8764] exFAT-fs (loop3): error, data size is invalid(9000) [ 225.086041][ T8768] loop1: detected capacity change from 0 to 256 [ 225.095064][ T8764] exFAT-fs (loop3): Filesystem has been set read-only [pid 5832] umount2("./248/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8763] <... clone3 resumed> => {parent_tid=[8769]}, 88) = 8769 [pid 8763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8763] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 8769 attached [pid 8763] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8769] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053) = 0 [pid 8769] set_robust_list(0x7f300ac279a0, 24) = 0 [pid 8769] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8769] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8764] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8769] <... ioctl resumed>) = 0 [pid 8764] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8763] <... futex resumed>) = ? [pid 8769] +++ killed by SIGSEGV +++ [pid 8764] +++ killed by SIGSEGV +++ [pid 8763] +++ killed by SIGSEGV +++ [pid 5832] newfstatat(AT_FDCWD, "./248/binderfs", [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8763, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./248/binderfs") = 0 [pid 5833] umount2("./255", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 5833] openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... close resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5832] rmdir("./248" [pid 5830] <... umount2 resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./249", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8770 attached [pid 5833] newfstatat(3, "", [pid 5830] umount2("./253/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8767] <... ioctl resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./253/file1", [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8770] set_robust_list(0x55556b85b6a0, 24 [pid 8767] close(3 [pid 5833] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8767] <... close resumed>) = 0 [pid 8767] close(4 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./253/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8767] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8767] mkdir("./file1", 0777 [pid 5830] openat(AT_FDCWD, "./253/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] umount2("./255/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8770] <... set_robust_list resumed>) = 0 [pid 8770] chdir("./249" [pid 8767] <... mkdir resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8770 [pid 5830] <... openat resumed>) = 4 [pid 8767] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5830] newfstatat(4, "", [pid 8770] <... chdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8770] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] getdents64(4, [pid 8770] <... prctl resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8770] setpgid(0, 0) = 0 [pid 5830] getdents64(4, [pid 8770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [ 225.130171][ T8767] loop4: detected capacity change from 0 to 256 [pid 5830] close(4) = 0 [pid 5830] rmdir("./253/file1") = 0 [pid 5830] umount2("./253/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./253/binderfs", executing program [pid 8770] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8770] write(3, "1000", 4) = 4 [pid 8770] close(3) = 0 [pid 8770] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] unlink("./253/binderfs" [pid 5833] <... umount2 resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5830] getdents64(3, [pid 5833] umount2("./255/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8770] write(1, "executing program\n", 18 [pid 5830] close(3 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... close resumed>) = 0 [pid 8770] <... write resumed>) = 18 [pid 5830] rmdir("./253" [pid 8770] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(AT_FDCWD, "./255/file1", [pid 5830] <... rmdir resumed>) = 0 [pid 8770] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] mkdir("./254", 0777 [pid 8770] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] umount2("./255/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8770] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8770] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] openat(AT_FDCWD, "./255/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... mkdir resumed>) = 0 [pid 8770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... openat resumed>) = 4 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8770] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] newfstatat(4, "", [pid 8770] <... mmap resumed>) = 0x7f300ac28000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8770] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] getdents64(4, [pid 8770] <... mprotect resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8770] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] getdents64(4, [pid 8770] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8770] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] close(4 [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 5833] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8770] <... clone3 resumed> => {parent_tid=[8771]}, 88) = 8771 [pid 5833] rmdir("./255/file1" [pid 8770] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... rmdir resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] umount2("./255/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8770] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8772 attached ./strace-static-x86_64: Process 8771 attached [pid 8770] <... futex resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./255/binderfs", [pid 8770] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 225.190008][ T8768] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8771] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5833] unlink("./255/binderfs" [pid 8771] <... rseq resumed>) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 8771] set_robust_list(0x7f300ac489a0, 24 [pid 5833] getdents64(3, [pid 8771] <... set_robust_list resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./255" [pid 8771] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8771] memfd_create("syzkaller", 0) = 3 [pid 8771] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] mkdir("./256", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8772] set_robust_list(0x55556b85b6a0, 24 [pid 5833] <... openat resumed>) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8771] <... mmap resumed>) = 0x7f3002800000 [pid 8768] <... mount resumed>) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 8771] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] close(3 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8772 [pid 8768] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... close resumed>) = 0 [pid 8768] <... openat resumed>) = 3 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8773 attached [pid 8768] chdir("./file1" [pid 8772] <... set_robust_list resumed>) = 0 [pid 8768] <... chdir resumed>) = 0 [pid 8772] chdir("./254" [pid 8768] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8772] <... chdir resumed>) = 0 [pid 8768] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8771] <... write resumed>) = 131072 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8773 [pid 8768] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8773] set_robust_list(0x55556b85b6a0, 24 [pid 8768] <... futex resumed>) = 1 [pid 8766] <... futex resumed>) = 0 [pid 8772] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8773] <... set_robust_list resumed>) = 0 [pid 8766] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8773] chdir("./256" [pid 8772] <... prctl resumed>) = 0 [pid 8771] munmap(0x7f3002800000, 138412032 [pid 8768] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8766] <... futex resumed>) = 0 [pid 8773] <... chdir resumed>) = 0 [pid 8772] setpgid(0, 0 [pid 8771] <... munmap resumed>) = 0 [pid 8766] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8772] <... setpgid resumed>) = 0 [pid 8768] <... openat resumed>) = 4 [pid 8773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8768] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8773] setpgid(0, 0 [pid 8768] <... futex resumed>) = 1 [pid 8766] <... futex resumed>) = 0 [pid 8772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8768] mkdir("./file2", 0777 [pid 8766] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8772] <... openat resumed>) = 3 [ 225.234887][ T8767] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 225.274451][ T8768] exFAT-fs (loop1): error, data size is invalid(9000) [pid 8773] <... setpgid resumed>) = 0 [pid 8772] write(3, "1000", 4 [pid 8771] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8766] <... futex resumed>) = 0 [pid 8772] <... write resumed>) = 4 [pid 8771] <... openat resumed>) = 4 [pid 8766] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8772] close(3 [pid 8771] ioctl(4, LOOP_SET_FD, 3 [pid 8772] <... close resumed>) = 0 [pid 8773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8772] symlink("/dev/binderfs", "./binderfs" [pid 8767] <... mount resumed>) = 0 executing program [pid 8773] <... openat resumed>) = 3 [pid 8772] <... symlink resumed>) = 0 [pid 8767] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8772] write(1, "executing program\n", 18 [pid 8773] write(3, "1000", 4 [pid 8772] <... write resumed>) = 18 [pid 8767] <... openat resumed>) = 3 [pid 8773] <... write resumed>) = 4 [pid 8772] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8767] chdir("./file1" [pid 8773] close(3) = 0 [pid 8767] <... chdir resumed>) = 0 [pid 8773] symlink("/dev/binderfs", "./binderfs" [pid 8772] <... futex resumed>) = 0 [pid 8767] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8773] <... symlink resumed>) = 0 [pid 8772] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8767] <... openat resumed>) = -1 EBUSY (Device or resource busy) executing program [pid 8773] write(1, "executing program\n", 18 [pid 8772] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8767] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8773] <... write resumed>) = 18 [pid 8772] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8767] <... futex resumed>) = 1 [pid 8765] <... futex resumed>) = 0 [pid 8772] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8767] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8765] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8773] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8765] <... futex resumed>) = 0 [pid 8773] <... futex resumed>) = 0 [pid 8772] <... mmap resumed>) = 0x7f300ac28000 [pid 8767] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8765] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8772] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8773] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8772] <... mprotect resumed>) = 0 [pid 8773] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8771] <... ioctl resumed>) = 0 [pid 8773] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8773] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8773] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8771] close(3 [pid 8773] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8774 attached [pid 8772] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8767] <... openat resumed>) = 4 [pid 8773] <... clone3 resumed> => {parent_tid=[8774]}, 88) = 8774 [pid 8772] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8771] <... close resumed>) = 0 [pid 8772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8775 attached [pid 8773] rt_sigprocmask(SIG_SETMASK, [], [pid 8771] close(4 [pid 8773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8771] <... close resumed>) = 0 [pid 8775] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8774] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8773] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8771] mkdir("./file1", 0777 [pid 8767] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8766] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 225.286291][ T8771] loop2: detected capacity change from 0 to 256 [ 225.323357][ T8768] exFAT-fs (loop1): Filesystem has been set read-only [pid 8775] <... rseq resumed>) = 0 [pid 8774] <... rseq resumed>) = 0 [pid 8773] <... futex resumed>) = 0 [pid 8772] <... clone3 resumed> => {parent_tid=[8775]}, 88) = 8775 [pid 8771] <... mkdir resumed>) = 0 [pid 8767] <... futex resumed>) = 1 [pid 8766] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8765] <... futex resumed>) = 0 [pid 8775] set_robust_list(0x7f300ac489a0, 24 [pid 8774] set_robust_list(0x7f300ac489a0, 24 [pid 8773] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8772] rt_sigprocmask(SIG_SETMASK, [], [pid 8771] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8767] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8766] <... futex resumed>) = 0 [pid 8765] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8775] <... set_robust_list resumed>) = 0 [pid 8774] <... set_robust_list resumed>) = 0 [pid 8772] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8765] <... futex resumed>) = 0 [pid 8775] rt_sigprocmask(SIG_SETMASK, [], [pid 8774] rt_sigprocmask(SIG_SETMASK, [], [pid 8772] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8767] mkdir("./file2", 0777 [pid 8765] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8775] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8772] <... futex resumed>) = 0 [pid 8775] memfd_create("syzkaller", 0 [pid 8774] memfd_create("syzkaller", 0 [pid 8772] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8766] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8775] <... memfd_create resumed>) = 3 [pid 8774] <... memfd_create resumed>) = 3 [pid 8766] <... mprotect resumed>) = 0 [pid 8775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8775] <... mmap resumed>) = 0x7f3002800000 [pid 8774] <... mmap resumed>) = 0x7f3002800000 [pid 8768] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8766] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8768] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8768] +++ killed by SIGSEGV +++ [pid 8766] <... rt_sigprocmask resumed> ) = ? [pid 8775] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8774] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 8766] +++ killed by SIGSEGV +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8766, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./257", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8775] <... write resumed>) = 131072 [pid 8774] munmap(0x7f3002800000, 138412032 [pid 5831] newfstatat(3, "", [pid 8774] <... munmap resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8774] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] getdents64(3, [pid 8774] <... openat resumed>) = 4 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [ 225.344891][ T8767] exFAT-fs (loop4): error, data size is invalid(9000) [ 225.376610][ T8767] exFAT-fs (loop4): Filesystem has been set read-only [pid 8774] ioctl(4, LOOP_SET_FD, 3 [pid 5831] umount2("./257/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8775] munmap(0x7f3002800000, 138412032) = 0 [pid 8767] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8765] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8775] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8767] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8765] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8775] <... openat resumed>) = 4 [pid 8765] <... futex resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 8775] ioctl(4, LOOP_SET_FD, 3 [pid 8765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] umount2("./257/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./257/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./257/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./257/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./257/file1" [pid 8775] <... ioctl resumed>) = 0 [pid 8765] <... mmap resumed>) = ? [pid 5831] <... rmdir resumed>) = 0 [pid 5831] umount2("./257/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./257/binderfs", [pid 8774] <... ioctl resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8775] close(3 [pid 8767] +++ killed by SIGSEGV +++ [pid 8765] +++ killed by SIGSEGV +++ [pid 8775] <... close resumed>) = 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8765, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8775] close(4 [pid 5831] unlink("./257/binderfs" [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 8775] <... close resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 8775] mkdir("./file1", 0777 [pid 8774] close(3) = 0 [pid 5831] getdents64(3, [pid 8775] <... mkdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8774] close(4 [pid 5831] close(3) = 0 [pid 5831] rmdir("./257" [pid 8774] <... close resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 8774] mkdir("./file1", 0777 [pid 8775] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8774] <... mkdir resumed>) = 0 [pid 8774] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5834] <... restart_syscall resumed>) = 0 [pid 5831] mkdir("./258", 0777) = 0 [pid 5834] umount2("./254", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3) = 0 [pid 8771] <... mount resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5834] newfstatat(3, "", [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8776 attached [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(3, [pid 8776] set_robust_list(0x55556b85b6a0, 24 [pid 8771] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8776 [pid 5834] umount2("./254/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8776] <... set_robust_list resumed>) = 0 [pid 8771] <... openat resumed>) = 3 [pid 8776] chdir("./258" [pid 8771] chdir("./file1" [pid 8776] <... chdir resumed>) = 0 [pid 8771] <... chdir resumed>) = 0 [pid 8776] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8771] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8776] <... prctl resumed>) = 0 [pid 8771] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8776] setpgid(0, 0 [pid 8771] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8770] <... futex resumed>) = 0 [pid 8776] <... setpgid resumed>) = 0 [pid 8770] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8770] <... futex resumed>) = 0 [pid 8770] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8771] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8776] <... openat resumed>) = 3 [pid 5834] <... umount2 resumed>) = 0 [ 225.393464][ T8774] loop3: detected capacity change from 0 to 256 [ 225.411540][ T8775] loop0: detected capacity change from 0 to 256 [ 225.419782][ T8771] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8776] write(3, "1000", 4 [pid 8771] <... openat resumed>) = 4 [pid 8776] <... write resumed>) = 4 [pid 8776] close(3 [pid 8771] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8770] <... futex resumed>) = 0 [pid 8770] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8770] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8771] <... futex resumed>) = 1 [pid 8776] <... close resumed>) = 0 [pid 8771] mkdir("./file2", 0777 [pid 8776] symlink("/dev/binderfs", "./binderfs" [pid 8771] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8776] <... symlink resumed>) = 0 [pid 8771] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- executing program [pid 8776] write(1, "executing program\n", 18) = 18 [pid 8771] +++ killed by SIGSEGV +++ [pid 8776] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8770] <... futex resumed>) = ? [pid 8776] <... futex resumed>) = 0 [pid 8770] +++ killed by SIGSEGV +++ [pid 8776] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8770, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 8776] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8776] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8776] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8776] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8776] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8776] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8777 attached => {parent_tid=[8777]}, 88) = 8777 [pid 8776] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] umount2("./254/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8776] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8776] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8776] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8777] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5834] newfstatat(AT_FDCWD, "./254/file1", [pid 8777] <... rseq resumed>) = 0 [pid 8777] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8777] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8777] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] umount2("./254/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8777] memfd_create("syzkaller", 0) = 3 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8777] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] openat(AT_FDCWD, "./254/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8777] <... mmap resumed>) = 0x7f3002800000 [pid 8777] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5832] umount2("./249", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] newfstatat(4, "", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(4, [pid 8777] <... write resumed>) = 131072 [pid 5832] openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8777] munmap(0x7f3002800000, 138412032 [pid 5832] <... openat resumed>) = 3 [pid 8777] <... munmap resumed>) = 0 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8777] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] umount2("./249/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8777] <... openat resumed>) = 4 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [ 225.477347][ T8775] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 225.489583][ T8771] exFAT-fs (loop2): error, data size is invalid(9000) [ 225.489605][ T8771] exFAT-fs (loop2): Filesystem has been set read-only [ 225.515221][ T8774] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8777] ioctl(4, LOOP_SET_FD, 3 [pid 5834] getdents64(4, [pid 8775] <... mount resumed>) = 0 [pid 8774] <... mount resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8775] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] close(4 [pid 8775] <... openat resumed>) = 3 [pid 5834] <... close resumed>) = 0 [pid 8775] chdir("./file1" [pid 5834] rmdir("./254/file1" [pid 8775] <... chdir resumed>) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 8775] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5834] umount2("./254/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8774] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] umount2("./249/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8774] <... openat resumed>) = 3 [pid 5834] newfstatat(AT_FDCWD, "./254/binderfs", [pid 8775] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] newfstatat(AT_FDCWD, "./249/file1", [pid 8774] chdir("./file1" [pid 8775] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] unlink("./254/binderfs" [pid 8774] <... chdir resumed>) = 0 [pid 8775] <... futex resumed>) = 1 [pid 8774] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8772] <... futex resumed>) = 0 [pid 5834] <... unlink resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8772] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] getdents64(3, [pid 5832] umount2("./249/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./249/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8772] <... futex resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] getdents64(4, [pid 8772] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] close(3) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] rmdir("./254" [pid 5832] close(4) = 0 [pid 5832] rmdir("./249/file1" [pid 5834] <... rmdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5834] mkdir("./255", 0777 [pid 5832] umount2("./249/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8774] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] newfstatat(AT_FDCWD, "./249/binderfs", [pid 8775] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8774] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8773] <... futex resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8773] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8774] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8773] <... futex resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 8773] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8774] <... openat resumed>) = 4 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5832] unlink("./249/binderfs" [pid 8774] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... unlink resumed>) = 0 [pid 8774] <... futex resumed>) = 1 [pid 8773] <... futex resumed>) = 0 [pid 8773] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] <... ioctl resumed>) = 0 [pid 8775] <... openat resumed>) = 4 [pid 8773] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8774] mkdir("./file2", 0777 [pid 5832] getdents64(3, [pid 8777] <... ioctl resumed>) = 0 [pid 8775] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] close(3 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8777] close(3 [pid 8775] <... futex resumed>) = 1 [pid 8772] <... futex resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5832] close(3 [pid 8775] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8772] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8772] <... futex resumed>) = 0 [pid 8775] mkdir("./file2", 0777 [pid 8777] <... close resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 8777] close(4 [pid 5832] rmdir("./249" [pid 8777] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 8777] mkdir("./file1", 0777) = 0 [pid 5832] mkdir("./250", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8778 attached [pid 8777] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8778 [ 225.555621][ T8777] loop1: detected capacity change from 0 to 256 [ 225.583231][ T8774] exFAT-fs (loop3): error, data size is invalid(9000) [ 225.598759][ T8775] exFAT-fs (loop0): error, data size is invalid(9000) [pid 8778] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8778] chdir("./250") = 0 [pid 8778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8778] setpgid(0, 0 [pid 8772] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8778] <... setpgid resumed>) = 0 [pid 8778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8778] write(3, "1000", 4) = 4 [pid 8778] close(3) = 0 ./strace-static-x86_64: Process 8779 attached executing program [pid 8778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8778] write(1, "executing program\n", 18) = 18 [pid 8778] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8779] set_robust_list(0x55556b85b6a0, 24 [pid 8778] <... futex resumed>) = 0 [pid 8773] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8778] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8773] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8778] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8773] <... futex resumed>) = 0 [pid 8778] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8779] <... set_robust_list resumed>) = 0 [pid 8778] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8773] <... mmap resumed>) = 0x7f300ac07000 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8779 [pid 8778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8773] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8778] <... mmap resumed>) = 0x7f300ac28000 [pid 8773] <... mprotect resumed>) = 0 [pid 8778] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8773] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8778] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8773] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8779] chdir("./255" [pid 8778] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8772] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8779] <... chdir resumed>) = 0 [pid 8772] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8773] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8779] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8772] <... futex resumed>) = 0 [pid 8779] <... prctl resumed>) = 0 [pid 8772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8779] setpgid(0, 0 [pid 8778] <... clone3 resumed> => {parent_tid=[8781]}, 88) = 8781 [pid 8773] <... clone3 resumed> => {parent_tid=[8780]}, 88) = 8780 [pid 8772] <... mmap resumed>) = 0x7f300ac07000 [pid 8779] <... setpgid resumed>) = 0 [pid 8778] rt_sigprocmask(SIG_SETMASK, [], [pid 8773] rt_sigprocmask(SIG_SETMASK, [], [pid 8772] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8778] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8778] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8773] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8772] <... mprotect resumed>) = 0 [pid 8779] <... openat resumed>) = 3 [pid 8779] write(3, "1000", 4 [pid 8778] <... futex resumed>) = 0 [pid 8773] <... futex resumed>) = 0 [pid 8772] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8779] <... write resumed>) = 4 [pid 8772] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8779] close(3 [pid 8772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8779] <... close resumed>) = 0 ./strace-static-x86_64: Process 8782 attached ./strace-static-x86_64: Process 8781 attached ./strace-static-x86_64: Process 8780 attached [pid 8779] symlink("/dev/binderfs", "./binderfs" [pid 8778] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8773] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8781] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8780] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8774] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8772] <... clone3 resumed> => {parent_tid=[8782]}, 88) = 8782 [pid 8779] <... symlink resumed>) = 0 [pid 8781] <... rseq resumed>) = 0 [pid 8780] <... rseq resumed>) = 0 [pid 8774] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8781] set_robust_list(0x7f300ac489a0, 24 [pid 8773] <... futex resumed>) = ? executing program [pid 8781] <... set_robust_list resumed>) = 0 [pid 8779] write(1, "executing program\n", 18 [pid 8774] +++ killed by SIGSEGV +++ [pid 8772] rt_sigprocmask(SIG_SETMASK, [], [pid 8781] rt_sigprocmask(SIG_SETMASK, [], [pid 8779] <... write resumed>) = 18 [pid 8772] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8781] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8779] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8772] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8781] memfd_create("syzkaller", 0 [pid 8779] <... futex resumed>) = 0 [pid 8772] <... futex resumed>) = 0 [ 225.606139][ T8775] exFAT-fs (loop0): Filesystem has been set read-only [ 225.625852][ T8774] exFAT-fs (loop3): Filesystem has been set read-only [ 225.644166][ T8777] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8782] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053) = 0 [pid 8781] <... memfd_create resumed>) = 3 [pid 8780] +++ killed by SIGSEGV +++ [pid 8779] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8775] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8773] +++ killed by SIGSEGV +++ [pid 8772] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8782] set_robust_list(0x7f300ac279a0, 24 [pid 8781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8779] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8775] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8782] <... set_robust_list resumed>) = ? [pid 8781] <... mmap resumed>) = 0x7f3002800000 [pid 8779] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8772] <... futex resumed>) = ? [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8773, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8782] +++ killed by SIGSEGV +++ [pid 8781] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8775] +++ killed by SIGSEGV +++ [pid 8781] <... write resumed>) = 131072 [pid 8779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8781] munmap(0x7f3002800000, 138412032) = 0 [pid 8779] <... mmap resumed>) = 0x7f300ac28000 [pid 8772] +++ killed by SIGSEGV +++ [pid 8781] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8779] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8781] <... openat resumed>) = 4 [pid 8781] ioctl(4, LOOP_SET_FD, 3 [pid 8779] <... mprotect resumed>) = 0 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8772, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8781] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8781] ioctl(4, LOOP_CLR_FD) = 0 [pid 5833] umount2("./256", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... restart_syscall resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8781] ioctl(4, LOOP_SET_FD, 3 [pid 8779] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... openat resumed>) = 3 [pid 8781] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8777] <... mount resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 5830] umount2("./254", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./256/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8781] close(4) = 0 [pid 8777] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... openat resumed>) = 3 [pid 8781] close(3 [pid 8777] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 8781] <... close resumed>) = 0 [pid 8779] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8779] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5830] getdents64(3, [pid 8781] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8777] chdir("./file1" [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8781] <... futex resumed>) = 1 [pid 8778] <... futex resumed>) = 0 [pid 8777] <... chdir resumed>) = 0 [pid 8781] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8778] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] umount2("./254/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8783 attached [pid 8781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8778] <... futex resumed>) = 0 [pid 8777] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... umount2 resumed>) = 0 [pid 8783] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8781] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8779] <... clone3 resumed> => {parent_tid=[8783]}, 88) = 8783 [pid 8778] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8777] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] umount2("./256/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8783] <... rseq resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./256/file1", [pid 8781] <... openat resumed>) = 3 [pid 8777] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8777] <... futex resumed>) = 1 [pid 8776] <... futex resumed>) = 0 [pid 5833] umount2("./256/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8777] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8776] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8781] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8776] <... futex resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./256/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8781] <... futex resumed>) = 1 [pid 8778] <... futex resumed>) = 0 [pid 8776] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... openat resumed>) = 4 [pid 8783] set_robust_list(0x7f300ac489a0, 24 [pid 8781] mkdir("./file2", 0777 [pid 8779] rt_sigprocmask(SIG_SETMASK, [], [pid 8778] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(4, "", [pid 5830] umount2("./254/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8783] <... set_robust_list resumed>) = 0 [pid 8781] <... mkdir resumed>) = 0 [pid 8779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8778] <... futex resumed>) = 0 [pid 8777] <... openat resumed>) = 4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8783] rt_sigprocmask(SIG_SETMASK, [], [pid 8781] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8779] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8778] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8777] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(4, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8783] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8779] <... futex resumed>) = 0 [pid 8778] <... futex resumed>) = ? [pid 8777] <... futex resumed>) = 1 [pid 8776] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] newfstatat(AT_FDCWD, "./254/file1", [pid 8783] memfd_create("syzkaller", 0 [pid 8781] +++ killed by SIGSEGV +++ [pid 8779] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8778] +++ killed by SIGSEGV +++ [pid 8777] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8776] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(4, [pid 8783] <... memfd_create resumed>) = 3 [pid 8776] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8783] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8777] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8776] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] close(4 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8778, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] umount2("./254/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8783] <... mmap resumed>) = 0x7f3002800000 [pid 8777] mkdir("./file2", 0777 [pid 5833] <... close resumed>) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8783] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] rmdir("./256/file1" [pid 5832] <... restart_syscall resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./254/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8783] <... write resumed>) = 131072 [pid 5832] umount2("./250", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 4 [pid 8783] munmap(0x7f3002800000, 138412032 [pid 5833] umount2("./256/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(4, "", [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8783] <... munmap resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5830] getdents64(4, [pid 5833] newfstatat(AT_FDCWD, "./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./256/binderfs") = 0 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 5 entries */, 32768) = 144 [pid 5833] rmdir("./256" [pid 5832] umount2("./250/devices.list", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... rmdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] newfstatat(AT_FDCWD, "./250/devices.list", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./250/devices.list") = 0 [pid 8783] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8783] <... openat resumed>) = 4 [pid 5830] close(4 [pid 8783] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... close resumed>) = 0 [pid 5833] mkdir("./257", 0777 [pid 5832] umount2("./250/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] newfstatat(AT_FDCWD, "./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./250/binderfs") = 0 [pid 5832] umount2("./250/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./250/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./250/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8783] <... ioctl resumed>) = 0 [pid 5830] rmdir("./254/file1" [pid 5832] openat(AT_FDCWD, "./250/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5832] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, [pid 5833] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8776] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5832] close(4 [pid 5830] umount2("./254/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... ioctl resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8776] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] close(3 [pid 5832] rmdir("./250/file2" [pid 5833] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./254/binderfs", [pid 8776] <... futex resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8776] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] unlink("./254/binderfs"./strace-static-x86_64: Process 8784 attached [pid 8776] <... mmap resumed>) = 0x7f300ac07000 [pid 8776] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5832] getdents64(3, [pid 5830] <... unlink resumed>) = 0 [pid 5830] getdents64(3, [pid 8776] <... mprotect resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 8784] set_robust_list(0x55556b85b6a0, 24 [pid 8776] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] close(3 [pid 5830] <... close resumed>) = 0 [pid 8784] <... set_robust_list resumed>) = 0 [pid 8776] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] <... close resumed>) = 0 [pid 8784] chdir("./257" [pid 8776] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5832] rmdir("./250"./strace-static-x86_64: Process 8785 attached [pid 8784] <... chdir resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8784 [pid 5832] <... rmdir resumed>) = 0 [pid 8784] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8776] <... clone3 resumed> => {parent_tid=[8785]}, 88) = 8785 [pid 8784] <... prctl resumed>) = 0 [pid 8776] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] mkdir("./251", 0777 [pid 5830] rmdir("./254" [pid 8785] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8784] setpgid(0, 0 [pid 8776] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8785] <... rseq resumed>) = 0 [pid 8784] <... setpgid resumed>) = 0 [pid 8776] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8785] set_robust_list(0x7f300ac279a0, 24 [pid 8784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8776] <... futex resumed>) = 0 [pid 8785] <... set_robust_list resumed>) = 0 [pid 8776] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... openat resumed>) = 3 [pid 8785] rt_sigprocmask(SIG_SETMASK, [], [pid 8784] <... openat resumed>) = 3 [pid 8783] close(3 [pid 5830] mkdir("./255", 0777 [pid 8785] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8784] write(3, "1000", 4 [pid 8783] <... close resumed>) = 0 [pid 8785] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8784] <... write resumed>) = 4 [pid 8783] close(4 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] <... mkdir resumed>) = 0 [pid 8785] <... ioctl resumed>) = 0 [pid 8784] close(3 [pid 8783] <... close resumed>) = 0 [pid 8777] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8785] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8784] <... close resumed>) = 0 [pid 8783] mkdir("./file1", 0777 [pid 8777] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] close(3 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8785] <... futex resumed>) = ? [pid 8784] symlink("/dev/binderfs", "./binderfs" [pid 8783] <... mkdir resumed>) = 0 [pid 8776] <... futex resumed>) = ? [ 225.755788][ T8777] exFAT-fs (loop1): error, data size is invalid(9000) [ 225.780643][ T8783] loop4: detected capacity change from 0 to 256 [ 225.792051][ T8777] exFAT-fs (loop1): Filesystem has been set read-only executing program [pid 5832] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8785] +++ killed by SIGSEGV +++ [pid 8784] <... symlink resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8783] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8784] write(1, "executing program\n", 18./strace-static-x86_64: Process 8786 attached ) = 18 [pid 5830] <... ioctl resumed>) = 0 [pid 8784] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8784] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8784] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8786] set_robust_list(0x55556b85b6a0, 24 [pid 8784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8786 [pid 8786] <... set_robust_list resumed>) = 0 [pid 8784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8786] chdir("./251" [pid 8784] <... mmap resumed>) = 0x7f300ac28000 [pid 8786] <... chdir resumed>) = 0 [pid 8784] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8786] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8784] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8786] <... prctl resumed>) = 0 [pid 8784] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8786] setpgid(0, 0 [pid 8784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8786] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 8787 attached [pid 8777] +++ killed by SIGSEGV +++ [pid 8776] +++ killed by SIGSEGV +++ [pid 5830] close(3 [pid 8787] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8776, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8787] <... rseq resumed>) = 0 [pid 8786] <... openat resumed>) = 3 [pid 8784] <... clone3 resumed> => {parent_tid=[8787]}, 88) = 8787 [pid 8787] set_robust_list(0x7f300ac489a0, 24 [pid 8784] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... close resumed>) = 0 [pid 8787] <... set_robust_list resumed>) = 0 [pid 8786] write(3, "1000", 4 [pid 5831] umount2("./258", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8787] rt_sigprocmask(SIG_SETMASK, [], [pid 8786] <... write resumed>) = 4 [pid 8784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8787] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8786] close(3 [pid 8784] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8788 attached [pid 8787] memfd_create("syzkaller", 0 [pid 8786] <... close resumed>) = 0 [pid 8784] <... futex resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8788] set_robust_list(0x55556b85b6a0, 24 [pid 5831] getdents64(3, [pid 8788] <... set_robust_list resumed>) = 0 [pid 8787] <... memfd_create resumed>) = 3 [pid 8786] symlink("/dev/binderfs", "./binderfs" [pid 8784] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8788] chdir("./255" [pid 8787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8786] <... symlink resumed>) = 0 [pid 5831] umount2("./258/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8788] <... chdir resumed>) = 0 [pid 8787] <... mmap resumed>) = 0x7f3002800000 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8788 [pid 8788] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8787] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8788] <... prctl resumed>) = 0 [pid 8786] write(1, "executing program\n", 18 [pid 5831] <... umount2 resumed>) = 0 [pid 8788] setpgid(0, 0) = 0 [pid 8787] <... write resumed>) = 131072 [pid 5831] umount2("./258/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 8786] <... write resumed>) = 18 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8786] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] newfstatat(AT_FDCWD, "./258/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./258/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8786] <... futex resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8786] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5831] openat(AT_FDCWD, "./258/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8786] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5831] <... openat resumed>) = 4 [pid 8786] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] newfstatat(4, "", [pid 8786] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] getdents64(4, [pid 8786] <... mmap resumed>) = 0x7f300ac28000 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8787] munmap(0x7f3002800000, 138412032 [pid 8786] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5831] getdents64(4, [pid 8787] <... munmap resumed>) = 0 [pid 8786] <... mprotect resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8786] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] close(4 [pid 8786] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] <... close resumed>) = 0 [pid 8787] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5831] rmdir("./258/file1" [pid 8787] <... openat resumed>) = 4 [pid 5831] <... rmdir resumed>) = 0 [pid 8788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8787] ioctl(4, LOOP_SET_FD, 3 [pid 5831] umount2("./258/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8789 attached [pid 8787] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8787] ioctl(4, LOOP_CLR_FD [pid 5831] newfstatat(AT_FDCWD, "./258/binderfs", [pid 8787] <... ioctl resumed>) = 0 [pid 8786] <... clone3 resumed> => {parent_tid=[8789]}, 88) = 8789 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8789] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8786] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] unlink("./258/binderfs" [pid 8789] <... rseq resumed>) = 0 [pid 8786] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 8789] set_robust_list(0x7f300ac489a0, 24 [pid 8786] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] getdents64(3, [pid 8789] <... set_robust_list resumed>) = 0 [pid 8786] <... futex resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8789] rt_sigprocmask(SIG_SETMASK, [], [pid 8786] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] close(3 [pid 8789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8787] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... close resumed>) = 0 [pid 8789] memfd_create("syzkaller", 0 [pid 8787] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] rmdir("./258" [pid 8787] close(4 [pid 5831] <... rmdir resumed>) = 0 [pid 8787] <... close resumed>) = 0 [pid 5831] mkdir("./259", 0777 [pid 8787] close(3 [pid 5831] <... mkdir resumed>) = 0 [pid 8787] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8788] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 8789] <... memfd_create resumed>) = 3 [pid 8788] write(3, "1000", 4 [pid 8787] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8787] <... futex resumed>) = 1 [pid 8784] <... futex resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 8789] <... mmap resumed>) = 0x7f3002800000 [pid 8788] <... write resumed>) = 4 [pid 8787] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8784] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8789] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8787] <... openat resumed>) = 3 [pid 8784] <... futex resumed>) = 0 [pid 5831] close(3 [pid 8788] close(3 [pid 8787] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8784] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... close resumed>) = 0 [pid 8789] <... write resumed>) = 131072 [pid 8788] <... close resumed>) = 0 [pid 8787] <... futex resumed>) = 0 [pid 8784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8787] mkdir("./file2", 0777 [pid 8784] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8787] <... mkdir resumed>) = 0 [pid 8784] <... futex resumed>) = 0 [pid 8788] symlink("/dev/binderfs", "./binderfs" [pid 8787] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8784] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 8790 attached [ 225.884985][ T8783] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8788] <... symlink resumed>) = 0 executing program [pid 8789] munmap(0x7f3002800000, 138412032 [pid 8788] write(1, "executing program\n", 18 [pid 8787] +++ killed by SIGSEGV +++ [pid 8784] +++ killed by SIGSEGV +++ [pid 8790] set_robust_list(0x55556b85b6a0, 24 [pid 8783] <... mount resumed>) = 0 [pid 8790] <... set_robust_list resumed>) = 0 [pid 8789] <... munmap resumed>) = 0 [pid 8788] <... write resumed>) = 18 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8784, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8790 [pid 8790] chdir("./259" [pid 8788] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8790] <... chdir resumed>) = 0 [pid 8788] <... futex resumed>) = 0 [pid 8783] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... restart_syscall resumed>) = 0 [pid 8790] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8789] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8788] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8783] <... openat resumed>) = 3 [pid 8790] <... prctl resumed>) = 0 [pid 8789] <... openat resumed>) = 4 [pid 8788] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8783] chdir("./file1" [pid 8790] setpgid(0, 0 [pid 8789] ioctl(4, LOOP_SET_FD, 3 [pid 8788] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8783] <... chdir resumed>) = 0 [pid 5833] umount2("./257", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8790] <... setpgid resumed>) = 0 [pid 8788] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8783] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8788] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8788] <... mprotect resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5833] newfstatat(3, "", [pid 8788] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, [pid 8788] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8783] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 5 entries */, 32768) = 144 [pid 8788] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8783] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] umount2("./257/devices.list", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8791 attached [pid 8788] <... clone3 resumed> => {parent_tid=[8791]}, 88) = 8791 [pid 8783] <... futex resumed>) = 1 [pid 8779] <... futex resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8788] rt_sigprocmask(SIG_SETMASK, [], [pid 8791] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8788] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8779] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(AT_FDCWD, "./257/devices.list", [pid 8791] <... rseq resumed>) = 0 [pid 8788] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8779] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8779] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8788] <... futex resumed>) = 0 [pid 8791] set_robust_list(0x7f300ac489a0, 24 [pid 5833] unlink("./257/devices.list" [pid 8791] <... set_robust_list resumed>) = 0 [pid 8788] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... unlink resumed>) = 0 [pid 8791] rt_sigprocmask(SIG_SETMASK, [], [pid 8790] <... openat resumed>) = 3 [pid 8783] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5833] umount2("./257/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8791] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8783] <... openat resumed>) = 4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./257/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8790] write(3, "1000", 4 [pid 8783] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] unlink("./257/binderfs" [pid 8790] <... write resumed>) = 4 [pid 8783] <... futex resumed>) = 1 [pid 8779] <... futex resumed>) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 8790] close(3 [pid 8779] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] umount2("./257/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8791] memfd_create("syzkaller", 0 [pid 8790] <... close resumed>) = 0 [pid 8779] <... futex resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8791] <... memfd_create resumed>) = 3 [pid 8790] symlink("/dev/binderfs", "./binderfs" [pid 8779] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] newfstatat(AT_FDCWD, "./257/file2", [pid 8790] <... symlink resumed>) = 0 [pid 8783] mkdir("./file2", 0777 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8791] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8790] write(1, "executing program\n", 18executing program [pid 8791] <... mmap resumed>) = 0x7f3002800000 [pid 8789] <... ioctl resumed>) = 0 [pid 8790] <... write resumed>) = 18 [pid 8789] close(3 [pid 5833] umount2("./257/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8790] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8789] <... close resumed>) = 0 [pid 8791] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8790] <... futex resumed>) = 0 [pid 8789] close(4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8790] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8789] <... close resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./257/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8790] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8789] mkdir("./file1", 0777 [pid 5833] <... openat resumed>) = 4 [pid 8790] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8789] <... mkdir resumed>) = 0 [pid 8790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8789] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5833] newfstatat(4, "", [pid 8790] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8790] <... mprotect resumed>) = 0 [pid 5833] getdents64(4, [pid 8791] <... write resumed>) = 131072 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8791] munmap(0x7f3002800000, 138412032 [pid 5833] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./257/file2" [pid 8791] <... munmap resumed>) = 0 [pid 8790] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... rmdir resumed>) = 0 [pid 8790] <... rt_sigprocmask resumed>[], 8) = 0 [ 225.956434][ T8789] loop2: detected capacity change from 0 to 256 [ 225.979521][ T8783] exFAT-fs (loop4): error, data size is invalid(9000) [pid 8790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] getdents64(3, ./strace-static-x86_64: Process 8792 attached 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 8791] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8792] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8791] <... openat resumed>) = 4 [pid 8790] <... clone3 resumed> => {parent_tid=[8792]}, 88) = 8792 [pid 8792] <... rseq resumed>) = 0 [pid 8791] ioctl(4, LOOP_SET_FD, 3 [pid 8790] rt_sigprocmask(SIG_SETMASK, [], [pid 8792] set_robust_list(0x7f300ac489a0, 24 [pid 8790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8783] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8792] <... set_robust_list resumed>) = 0 [pid 8790] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] rmdir("./257" [pid 8790] <... futex resumed>) = 0 [pid 8779] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... rmdir resumed>) = 0 [pid 8792] rt_sigprocmask(SIG_SETMASK, [], [pid 8790] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8779] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8779] <... futex resumed>) = 0 [pid 5833] mkdir("./258", 0777 [pid 8792] memfd_create("syzkaller", 0 [pid 8779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] <... mkdir resumed>) = 0 [pid 8792] <... memfd_create resumed>) = 3 [pid 8779] <... mmap resumed>) = 0x7f300ac07000 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8792] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8779] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5833] <... openat resumed>) = 3 [pid 8792] <... mmap resumed>) = 0x7f3002800000 [pid 8779] <... mprotect resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8792] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8779] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8779] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] close(3 [pid 8779] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5833] <... close resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8779] <... clone3 resumed> => {parent_tid=[8793]}, 88) = 8793 [pid 8779] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8794 [pid 8779] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8779] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8793 attached [pid 8792] <... write resumed>) = 131072 [pid 8793] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8792] munmap(0x7f3002800000, 138412032 [pid 8793] <... rseq resumed>) = 0 [pid 8792] <... munmap resumed>) = 0 [pid 8793] set_robust_list(0x7f300ac279a0, 24 [pid 8792] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8783] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8793] <... set_robust_list resumed>) = ? [pid 8792] <... openat resumed>) = 4 [pid 8779] <... futex resumed>) = ? [pid 8793] +++ killed by SIGSEGV +++ [ 226.005057][ T8789] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 226.019156][ T8783] exFAT-fs (loop4): Filesystem has been set read-only [ 226.019710][ T8791] loop0: detected capacity change from 0 to 256 [pid 8792] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 8794 attached [pid 8794] set_robust_list(0x55556b85b6a0, 24 [pid 8783] +++ killed by SIGSEGV +++ [pid 8779] +++ killed by SIGSEGV +++ [pid 8794] <... set_robust_list resumed>) = 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8779, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8794] chdir("./258") = 0 [pid 5834] umount2("./255", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8794] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8794] <... prctl resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8794] setpgid(0, 0) = 0 [pid 8789] <... mount resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 8794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] newfstatat(3, "", [pid 8794] <... openat resumed>) = 3 [pid 8789] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8794] write(3, "1000", 4 [pid 8789] <... openat resumed>) = 3 [pid 5834] getdents64(3, [pid 8794] <... write resumed>) = 4 [pid 8789] chdir("./file1" [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8794] close(3 [pid 8789] <... chdir resumed>) = 0 [pid 5834] umount2("./255/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8794] <... close resumed>) = 0 [pid 8791] <... ioctl resumed>) = 0 [pid 8789] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8794] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8791] close(3 [pid 8789] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8794] write(1, "executing program\n", 18 [pid 8791] <... close resumed>) = 0 [pid 8794] <... write resumed>) = 18 [pid 8791] close(4 [pid 8794] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8792] <... ioctl resumed>) = 0 [pid 8794] <... futex resumed>) = 0 [pid 8791] <... close resumed>) = 0 [pid 8789] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... umount2 resumed>) = 0 [pid 8794] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8792] close(3 [pid 8791] mkdir("./file1", 0777 [pid 8789] <... futex resumed>) = 1 [pid 8786] <... futex resumed>) = 0 [pid 5834] umount2("./255/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8794] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8792] <... close resumed>) = 0 [ 226.050928][ T8792] loop1: detected capacity change from 0 to 256 [pid 8791] <... mkdir resumed>) = 0 [pid 8789] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8786] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8794] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8792] close(4 [pid 8791] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8786] <... futex resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./255/file1", [pid 8794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8792] <... close resumed>) = 0 [pid 8789] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8786] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8792] mkdir("./file1", 0777 [pid 8789] <... openat resumed>) = 4 [pid 5834] umount2("./255/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8794] <... mmap resumed>) = 0x7f300ac28000 [pid 8792] <... mkdir resumed>) = 0 [pid 8789] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8794] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8792] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8789] <... futex resumed>) = 1 [pid 8786] <... futex resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./255/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8794] <... mprotect resumed>) = 0 [pid 8786] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8794] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8786] <... futex resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 8789] mkdir("./file2", 0777 [pid 8786] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] newfstatat(4, "", [pid 8794] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4) = 0 [pid 5834] rmdir("./255/file1") = 0 [pid 5834] umount2("./255/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./255/binderfs") = 0 [pid 5834] getdents64(3, ./strace-static-x86_64: Process 8795 attached [pid 8795] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8794] <... clone3 resumed> => {parent_tid=[8795]}, 88) = 8795 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8794] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] close(3 [pid 8794] <... futex resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 8795] <... rseq resumed>) = 0 [pid 8795] set_robust_list(0x7f300ac489a0, 24 [pid 8794] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] rmdir("./255" [pid 8795] <... set_robust_list resumed>) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5834] mkdir("./256", 0777) = 0 [pid 8795] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5834] ioctl(3, LOOP_CLR_FD) = 0 [ 226.118768][ T8789] exFAT-fs (loop2): error, data size is invalid(9000) [ 226.125705][ T8789] exFAT-fs (loop2): Filesystem has been set read-only [ 226.148324][ T8791] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5834] close(3 [pid 8795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... close resumed>) = 0 [pid 8789] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8789] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8795] memfd_create("syzkaller", 0 [pid 8786] <... futex resumed>) = ? [pid 8789] +++ killed by SIGSEGV +++ [pid 8786] +++ killed by SIGSEGV +++ [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8796 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8786, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- ./strace-static-x86_64: Process 8796 attached [pid 5832] umount2("./251", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8796] set_robust_list(0x55556b85b6a0, 24 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8796] <... set_robust_list resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8796] chdir("./256" [pid 5832] <... openat resumed>) = 3 [pid 8796] <... chdir resumed>) = 0 [pid 8795] <... memfd_create resumed>) = 3 [pid 5832] newfstatat(3, "", [pid 8796] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8796] <... prctl resumed>) = 0 [pid 5832] getdents64(3, [pid 8796] setpgid(0, 0) = 0 [pid 8795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8795] <... mmap resumed>) = 0x7f3002800000 [pid 8796] <... openat resumed>) = 3 [pid 8791] <... mount resumed>) = 0 [pid 5832] umount2("./251/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8796] write(3, "1000", 4) = 4 [pid 8796] close(3 [pid 8795] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8791] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8796] <... close resumed>) = 0 [pid 8791] <... openat resumed>) = 3 [pid 8796] symlink("/dev/binderfs", "./binderfs" [pid 8791] chdir("./file1" [pid 8796] <... symlink resumed>) = 0 executing program [pid 8796] write(1, "executing program\n", 18 [pid 8791] <... chdir resumed>) = 0 [pid 8796] <... write resumed>) = 18 [pid 8796] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8796] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8795] <... write resumed>) = 131072 [pid 5832] <... umount2 resumed>) = 0 [pid 8796] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] umount2("./251/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8796] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8796] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] newfstatat(AT_FDCWD, "./251/file1", [pid 8796] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8796] <... mprotect resumed>) = 0 [pid 5832] umount2("./251/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8796] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8796] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] openat(AT_FDCWD, "./251/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8796] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8797 attached [pid 5832] newfstatat(4, "", [pid 8796] <... clone3 resumed> => {parent_tid=[8797]}, 88) = 8797 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8796] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] getdents64(4, [pid 8797] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8796] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8797] <... rseq resumed>) = 0 [pid 8796] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(4, [pid 8797] set_robust_list(0x7f300ac489a0, 24 [pid 8796] <... futex resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8797] <... set_robust_list resumed>) = 0 [pid 8796] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8795] munmap(0x7f3002800000, 138412032 [pid 8791] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] close(4 [pid 8797] rt_sigprocmask(SIG_SETMASK, [], [pid 8795] <... munmap resumed>) = 0 [pid 8792] <... mount resumed>) = 0 [pid 8791] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 226.165377][ T8792] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5832] <... close resumed>) = 0 [pid 8797] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8795] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8792] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8791] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] rmdir("./251/file1" [pid 8797] memfd_create("syzkaller", 0 [pid 8795] <... openat resumed>) = 4 [pid 8792] <... openat resumed>) = 3 [pid 8791] <... futex resumed>) = 1 [pid 8788] <... futex resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 8795] ioctl(4, LOOP_SET_FD, 3 [pid 8791] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8788] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8797] <... memfd_create resumed>) = 3 [pid 8792] chdir("./file1" [pid 8797] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8792] <... chdir resumed>) = 0 [pid 5832] umount2("./251/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8797] <... mmap resumed>) = 0x7f3002800000 [pid 8792] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8792] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8797] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8792] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] newfstatat(AT_FDCWD, "./251/binderfs", [pid 8792] <... futex resumed>) = 1 [pid 8790] <... futex resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8792] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8790] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] unlink("./251/binderfs" [pid 8791] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8790] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8788] <... futex resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 8791] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8797] <... write resumed>) = 131072 [pid 8788] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8792] <... openat resumed>) = 4 [pid 8791] <... openat resumed>) = 4 [pid 5832] close(3 [pid 8791] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... close resumed>) = 0 [pid 8791] <... futex resumed>) = 1 [pid 8788] <... futex resumed>) = 0 [pid 8792] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8791] mkdir("./file2", 0777 [pid 8788] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] rmdir("./251" [pid 8792] <... futex resumed>) = 1 [pid 8790] <... futex resumed>) = 0 [pid 8792] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8790] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8797] munmap(0x7f3002800000, 138412032 [pid 8792] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8790] <... futex resumed>) = 0 [pid 8797] <... munmap resumed>) = 0 [pid 8792] mkdir("./file2", 0777 [pid 8790] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... rmdir resumed>) = 0 [pid 8797] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8788] <... futex resumed>) = 0 [pid 8797] <... openat resumed>) = 4 [pid 8788] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8797] ioctl(4, LOOP_SET_FD, 3 [pid 5832] mkdir("./252", 0777 [pid 8795] <... ioctl resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 8795] close(3 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8795] <... close resumed>) = 0 [pid 8795] close(4) = 0 [pid 8795] mkdir("./file1", 0777 [pid 8797] <... ioctl resumed>) = 0 [pid 8795] <... mkdir resumed>) = 0 [ 226.233910][ T8795] loop3: detected capacity change from 0 to 256 [ 226.247954][ T8791] exFAT-fs (loop0): error, data size is invalid(9000) [ 226.252829][ T8792] exFAT-fs (loop1): error, data size is invalid(9000) [ 226.264149][ T8797] loop4: detected capacity change from 0 to 256 [pid 8797] close(3) = 0 [pid 8795] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5832] <... openat resumed>) = 3 [pid 8797] close(4 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8797] <... close resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 8797] mkdir("./file1", 0777 [pid 5832] close(3 [pid 8797] <... mkdir resumed>) = 0 [pid 8797] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5832] <... close resumed>) = 0 [pid 8791] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8790] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8788] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8790] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8788] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8790] <... futex resumed>) = 0 [pid 8790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8790] <... mmap resumed>) = 0x7f300ac07000 [pid 8788] <... futex resumed>) = 0 [pid 8790] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8798 [pid 8790] <... mprotect resumed>) = 0 [pid 8790] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} => {parent_tid=[8799]}, 88) = 8799 [pid 8790] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8790] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8790] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8799 attached [pid 8792] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8799] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8792] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8799] <... rseq resumed>) = ? [pid 8790] <... futex resumed>) = ? [pid 8799] +++ killed by SIGSEGV +++ [ 226.288668][ T8791] exFAT-fs (loop0): Filesystem has been set read-only [ 226.292274][ T8792] exFAT-fs (loop1): Filesystem has been set read-only ./strace-static-x86_64: Process 8798 attached [pid 8795] <... mount resumed>) = 0 [pid 8792] +++ killed by SIGSEGV +++ [pid 8791] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8790] +++ killed by SIGSEGV +++ [pid 8788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8798] set_robust_list(0x55556b85b6a0, 24 [pid 8788] <... mmap resumed>) = 0x7f300ac07000 [pid 8798] <... set_robust_list resumed>) = 0 [pid 8795] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8790, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8798] chdir("./252" [pid 8795] <... openat resumed>) = 3 [pid 8791] +++ killed by SIGSEGV +++ [pid 8788] +++ killed by SIGSEGV +++ [pid 8798] <... chdir resumed>) = 0 [pid 8795] chdir("./file1" [pid 5831] umount2("./259", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8788, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8798] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8795] <... chdir resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8798] <... prctl resumed>) = 0 [pid 8795] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8798] setpgid(0, 0 [pid 8795] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... restart_syscall resumed>) = 0 [pid 8798] <... setpgid resumed>) = 0 [pid 8795] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./259/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8795] <... futex resumed>) = 1 [pid 8798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8794] <... futex resumed>) = 0 [pid 8795] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8794] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] umount2("./255", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8798] <... openat resumed>) = 3 [pid 8795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8794] <... futex resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8798] write(3, "1000", 4 [pid 8795] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8794] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8798] <... write resumed>) = 4 [pid 8795] <... openat resumed>) = 4 [pid 5830] <... openat resumed>) = 3 [pid 8798] close(3 [pid 8795] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [ 226.342766][ T8795] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 226.347838][ T8797] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5830] newfstatat(3, "", [pid 8798] <... close resumed>) = 0 [pid 8795] <... futex resumed>) = 1 [pid 8794] <... futex resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8798] symlink("/dev/binderfs", "./binderfs" [pid 8794] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] getdents64(3, [pid 8798] <... symlink resumed>) = 0 [pid 8794] <... futex resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8798] write(1, "executing program\n", 18 [pid 8795] mkdir("./file2", 0777 [pid 8794] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] umount2("./255/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./259/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./259/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./259/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./259/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 8798] <... write resumed>) = 18 [pid 5831] <... openat resumed>) = 4 [pid 5830] <... umount2 resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 5830] umount2("./255/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8798] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8798] <... futex resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./255/file1", [pid 8798] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8798] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5831] getdents64(4, [pid 5830] umount2("./255/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8798] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] openat(AT_FDCWD, "./255/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] getdents64(4, [pid 8798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] <... openat resumed>) = 4 [pid 8798] <... mmap resumed>) = 0x7f300ac28000 [pid 5831] close(4 [pid 5830] newfstatat(4, "", [pid 8798] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5831] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8798] <... mprotect resumed>) = 0 [pid 5831] rmdir("./259/file1" [pid 5830] getdents64(4, [pid 5831] <... rmdir resumed>) = 0 [pid 5831] umount2("./259/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./259/binderfs") = 0 [pid 8795] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5831] getdents64(3, [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8798] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8795] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 8798] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8794] <... futex resumed>) = ? [pid 5831] <... close resumed>) = 0 [pid 8798] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5831] rmdir("./259" [pid 5830] getdents64(4, [pid 5831] <... rmdir resumed>) = 0 [pid 5831] mkdir("./260", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8795] +++ killed by SIGSEGV +++ [pid 8794] +++ killed by SIGSEGV +++ [pid 5831] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8800 attached [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] close(4 [pid 8800] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8798] <... clone3 resumed> => {parent_tid=[8800]}, 88) = 8800 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8794, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8800] <... rseq resumed>) = 0 [pid 8800] set_robust_list(0x7f300ac489a0, 24 [pid 8798] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5831] close(3 [pid 5830] rmdir("./255/file1" [pid 8800] <... set_robust_list resumed>) = 0 [pid 8798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8800] rt_sigprocmask(SIG_SETMASK, [], [pid 8798] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... close resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8800] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8798] <... futex resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] umount2("./255/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8801 attached [pid 8800] memfd_create("syzkaller", 0 [pid 8798] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... restart_syscall resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8800] <... memfd_create resumed>) = 3 [pid 5830] newfstatat(AT_FDCWD, "./255/binderfs", [pid 8800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 5833] umount2("./258", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8801 [pid 5830] unlink("./255/binderfs" [pid 8800] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8797] <... mount resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8797] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... unlink resumed>) = 0 [pid 8797] <... openat resumed>) = 3 [pid 5833] <... openat resumed>) = 3 [pid 8797] chdir("./file1" [pid 5833] newfstatat(3, "", [pid 8797] <... chdir resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8797] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] getdents64(3, [pid 8797] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8797] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] umount2("./258/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8797] <... futex resumed>) = 1 [pid 8796] <... futex resumed>) = 0 [pid 8797] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8796] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8796] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8797] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 8797] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8796] <... futex resumed>) = 0 [ 226.406872][ T8795] exFAT-fs (loop3): error, data size is invalid(9000) [ 226.430395][ T8795] exFAT-fs (loop3): Filesystem has been set read-only [pid 8797] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8796] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8796] <... futex resumed>) = 0 [pid 8797] mkdir("./file2", 0777 [pid 8796] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8801] set_robust_list(0x55556b85b6a0, 24 [pid 5830] getdents64(3, [pid 8801] <... set_robust_list resumed>) = 0 [pid 8800] <... write resumed>) = 131072 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 8801] chdir("./260") = 0 [pid 8800] munmap(0x7f3002800000, 138412032 [pid 5833] <... umount2 resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8801] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] umount2("./258/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./258/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./258/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./258/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8801] <... prctl resumed>) = 0 [pid 5833] <... openat resumed>) = 4 [pid 5833] newfstatat(4, "", [pid 8801] setpgid(0, 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] rmdir("./255" [pid 5833] getdents64(4, [pid 8800] <... munmap resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, [pid 5830] <... rmdir resumed>) = 0 [pid 8801] <... setpgid resumed>) = 0 [pid 8800] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] close(4 [pid 5830] mkdir("./256", 0777 [pid 8800] <... openat resumed>) = 4 [pid 5833] <... close resumed>) = 0 [pid 8801] <... openat resumed>) = 3 [pid 5833] rmdir("./258/file1" [pid 8801] write(3, "1000", 4 [pid 8800] ioctl(4, LOOP_SET_FD, 3 [pid 5833] <... rmdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 8801] <... write resumed>) = 4 [pid 5833] umount2("./258/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8801] close(3 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8801] <... close resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 8801] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... openat resumed>) = 3 [pid 8801] <... symlink resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 8801] write(1, "executing program\n", 18) = 18 [pid 5830] close(3 [pid 5833] unlink("./258/binderfs") = 0 [pid 5830] <... close resumed>) = 0 [pid 8801] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] getdents64(3, [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8801] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(3./strace-static-x86_64: Process 8802 attached [pid 8801] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... close resumed>) = 0 [pid 8802] set_robust_list(0x55556b85b6a0, 24 [pid 8801] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8802 [pid 5833] rmdir("./258") = 0 [pid 5833] mkdir("./259", 0777) = 0 [pid 8801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8802] <... set_robust_list resumed>) = 0 [pid 8801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8800] <... ioctl resumed>) = 0 [pid 8802] chdir("./256" [pid 8801] <... mmap resumed>) = 0x7f300ac28000 [pid 8800] close(3 [pid 8796] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8802] <... chdir resumed>) = 0 [pid 8801] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8800] <... close resumed>) = 0 [pid 8796] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... openat resumed>) = 3 [pid 8802] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8801] <... mprotect resumed>) = 0 [pid 8800] close(4 [pid 8796] <... futex resumed>) = 0 [pid 8802] <... prctl resumed>) = 0 [pid 8801] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8802] setpgid(0, 0 [pid 8801] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8800] <... close resumed>) = 0 [pid 8796] <... mmap resumed>) = 0x7f300ac07000 [pid 5833] <... ioctl resumed>) = 0 [pid 8796] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5833] close(3 [pid 8796] <... mprotect resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 8796] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8803 attached [pid 8802] <... setpgid resumed>) = 0 [pid 8801] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8800] mkdir("./file1", 0777 [pid 8796] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8803] set_robust_list(0x55556b85b6a0, 24 [pid 8796] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8805 attached ./strace-static-x86_64: Process 8804 attached [pid 8803] <... set_robust_list resumed>) = 0 [ 226.474539][ T8797] exFAT-fs (loop4): error, data size is invalid(9000) [ 226.497036][ T8800] loop2: detected capacity change from 0 to 256 [ 226.497803][ T8797] exFAT-fs (loop4): Filesystem has been set read-only [pid 8802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8801] <... clone3 resumed> => {parent_tid=[8804]}, 88) = 8804 [pid 8800] <... mkdir resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8803 [pid 8805] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8804] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8803] chdir("./259" [pid 8802] <... openat resumed>) = 3 [pid 8801] rt_sigprocmask(SIG_SETMASK, [], [pid 8800] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8796] <... clone3 resumed> => {parent_tid=[8805]}, 88) = 8805 [pid 8805] <... rseq resumed>) = 0 [pid 8804] <... rseq resumed>) = 0 [pid 8803] <... chdir resumed>) = 0 [pid 8802] write(3, "1000", 4 [pid 8801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8796] rt_sigprocmask(SIG_SETMASK, [], [pid 8805] set_robust_list(0x7f300ac279a0, 24 [pid 8804] set_robust_list(0x7f300ac489a0, 24 [pid 8803] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8802] <... write resumed>) = 4 [pid 8801] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8796] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8805] <... set_robust_list resumed>) = 0 [pid 8804] <... set_robust_list resumed>) = 0 [pid 8803] <... prctl resumed>) = 0 [pid 8802] close(3 [pid 8801] <... futex resumed>) = 0 [pid 8797] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8796] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8805] rt_sigprocmask(SIG_SETMASK, [], [pid 8804] rt_sigprocmask(SIG_SETMASK, [], [pid 8803] setpgid(0, 0 [pid 8802] <... close resumed>) = 0 [pid 8801] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8796] <... futex resumed>) = 0 [pid 8804] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8803] <... setpgid resumed>) = 0 [pid 8802] symlink("/dev/binderfs", "./binderfs" [pid 8796] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8805] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8804] memfd_create("syzkaller", 0 [pid 8803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8805] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8797] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8804] <... memfd_create resumed>) = 3 [pid 8805] <... ioctl resumed>) = 0 [pid 8803] <... openat resumed>) = 3 [pid 8804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8802] <... symlink resumed>) = 0 [pid 8804] <... mmap resumed>) = 0x7f3002800000 [pid 8803] write(3, "1000", 4 [pid 8802] write(1, "executing program\n", 18 [pid 8796] <... futex resumed>) = ? executing program [pid 8805] +++ killed by SIGSEGV +++ [pid 8804] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8803] <... write resumed>) = 4 [pid 8802] <... write resumed>) = 18 [pid 8802] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8804] <... write resumed>) = 131072 [pid 8803] close(3 [pid 8802] <... futex resumed>) = 0 [pid 8802] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8803] <... close resumed>) = 0 [pid 8797] +++ killed by SIGSEGV +++ [pid 8796] +++ killed by SIGSEGV +++ [pid 8803] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8796, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5834] restart_syscall(<... resuming interrupted clone ...>executing program [pid 8803] write(1, "executing program\n", 18) = 18 [pid 8803] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8803] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8803] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8803] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8803] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8803] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8806 attached [pid 8804] munmap(0x7f3002800000, 138412032 [pid 8802] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] <... restart_syscall resumed>) = 0 [pid 5834] umount2("./256", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8806] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5834] openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8806] <... rseq resumed>) = 0 [pid 8803] <... clone3 resumed> => {parent_tid=[8806]}, 88) = 8806 [pid 5834] <... openat resumed>) = 3 [pid 5834] newfstatat(3, "", [pid 8806] set_robust_list(0x7f300ac489a0, 24 [pid 8803] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8802] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8803] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] getdents64(3, [pid 8804] <... munmap resumed>) = 0 [pid 8803] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8804] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8803] <... futex resumed>) = 0 [pid 5834] umount2("./256/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8804] <... openat resumed>) = 4 [pid 8803] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8806] <... set_robust_list resumed>) = 0 [pid 8804] ioctl(4, LOOP_SET_FD, 3 [pid 8802] <... mmap resumed>) = 0x7f300ac28000 [pid 8806] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8806] memfd_create("syzkaller", 0) = 3 [pid 8806] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8806] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8804] <... ioctl resumed>) = 0 [pid 8802] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... umount2 resumed>) = 0 [pid 8806] <... write resumed>) = 131072 [pid 8804] close(3 [pid 8802] <... mprotect resumed>) = 0 [pid 5834] umount2("./256/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8806] munmap(0x7f3002800000, 138412032 [pid 8804] <... close resumed>) = 0 [pid 8802] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8806] <... munmap resumed>) = 0 [pid 8804] close(4 [pid 8802] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] newfstatat(AT_FDCWD, "./256/file1", [pid 8806] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8804] <... close resumed>) = 0 [pid 8802] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8807 attached [pid 8806] <... openat resumed>) = 4 [pid 8804] mkdir("./file1", 0777 [pid 5834] umount2("./256/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8802] <... clone3 resumed> => {parent_tid=[8807]}, 88) = 8807 [ 226.600946][ T8800] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 226.621731][ T8804] loop1: detected capacity change from 0 to 256 [pid 8807] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8806] ioctl(4, LOOP_SET_FD, 3 [pid 8804] <... mkdir resumed>) = 0 [pid 8802] rt_sigprocmask(SIG_SETMASK, [], [pid 8800] <... mount resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8807] <... rseq resumed>) = 0 [pid 8802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8807] set_robust_list(0x7f300ac489a0, 24 [pid 8802] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8807] <... set_robust_list resumed>) = 0 [pid 8802] <... futex resumed>) = 0 [pid 8807] rt_sigprocmask(SIG_SETMASK, [], [pid 8802] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8807] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8807] memfd_create("syzkaller", 0 [pid 8804] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8800] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] openat(AT_FDCWD, "./256/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5834] newfstatat(4, "", [pid 8807] <... memfd_create resumed>) = 3 [pid 8800] <... openat resumed>) = 3 [pid 8807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8807] <... mmap resumed>) = 0x7f3002800000 [pid 5834] getdents64(4, [pid 8800] chdir("./file1" [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8807] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8800] <... chdir resumed>) = 0 [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4) = 0 [pid 5834] rmdir("./256/file1" [pid 8807] <... write resumed>) = 131072 [pid 8800] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5834] <... rmdir resumed>) = 0 [pid 8807] munmap(0x7f3002800000, 138412032 [pid 8806] <... ioctl resumed>) = 0 [pid 8800] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] umount2("./256/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./256/binderfs" [pid 8806] close(3 [pid 5834] <... unlink resumed>) = 0 [pid 8806] <... close resumed>) = 0 [pid 5834] getdents64(3, [pid 8806] close(4 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [ 226.652594][ T8806] loop3: detected capacity change from 0 to 256 [pid 8800] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8807] <... munmap resumed>) = 0 [pid 8806] <... close resumed>) = 0 [pid 8800] <... futex resumed>) = 1 [pid 8798] <... futex resumed>) = 0 [pid 5834] close(3 [pid 8800] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8798] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8807] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8800] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8806] mkdir("./file1", 0777 [pid 8798] <... futex resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 8806] <... mkdir resumed>) = 0 [pid 5834] rmdir("./256") = 0 [pid 5834] mkdir("./257", 0777) = 0 [pid 8807] <... openat resumed>) = 4 [pid 8806] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8800] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8798] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8807] ioctl(4, LOOP_SET_FD, 3 [pid 5834] <... openat resumed>) = 3 [pid 5834] ioctl(3, LOOP_CLR_FD) = 0 [pid 5834] close(3 [pid 8800] <... openat resumed>) = 4 [pid 5834] <... close resumed>) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8808 attached [pid 8800] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8798] <... futex resumed>) = 0 [pid 8800] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8798] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8800] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8798] <... futex resumed>) = 0 [pid 8808] set_robust_list(0x55556b85b6a0, 24 [pid 8800] mkdir("./file2", 0777 [pid 8798] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8808] <... set_robust_list resumed>) = 0 [pid 8808] chdir("./257") = 0 [pid 8808] prctl(PR_SET_PDEATHSIG, SIGKILL [ 226.702198][ T8804] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 226.717138][ T8807] loop0: detected capacity change from 0 to 256 [ 226.737994][ T8800] exFAT-fs (loop2): error, data size is invalid(9000) [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8808 [pid 8808] <... prctl resumed>) = 0 [pid 8807] <... ioctl resumed>) = 0 [pid 8807] close(3) = 0 [pid 8808] setpgid(0, 0 [pid 8807] close(4 [pid 8804] <... mount resumed>) = 0 [pid 8800] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8807] <... close resumed>) = 0 [pid 8804] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8800] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8807] mkdir("./file1", 0777 [pid 8808] <... setpgid resumed>) = 0 [pid 8804] <... openat resumed>) = 3 [pid 8808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8807] <... mkdir resumed>) = 0 [pid 8804] chdir("./file1" [pid 8798] <... futex resumed>) = ? [pid 8807] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8804] <... chdir resumed>) = 0 [pid 8808] <... openat resumed>) = 3 [pid 8808] write(3, "1000", 4 [pid 8804] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8800] +++ killed by SIGSEGV +++ [pid 8798] +++ killed by SIGSEGV +++ [pid 8808] <... write resumed>) = 4 [pid 8804] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8808] close(3 [pid 8804] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8798, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./252", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8808] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8808] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... openat resumed>) = 3 [pid 8808] <... symlink resumed>) = 0 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 8808] write(1, "executing program\n", 18 [pid 5832] getdents64(3, [pid 8808] <... write resumed>) = 18 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8808] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8804] <... futex resumed>) = 1 [pid 8801] <... futex resumed>) = 0 [pid 5832] umount2("./252/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8804] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8801] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8808] <... futex resumed>) = 0 [pid 8804] <... futex resumed>) = 0 [pid 8801] <... futex resumed>) = 1 [pid 8808] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8804] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8801] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8808] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8808] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8808] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8808] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8809 attached [pid 8809] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8808] <... clone3 resumed> => {parent_tid=[8809]}, 88) = 8809 [pid 8804] <... openat resumed>) = 4 [pid 8804] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8809] <... rseq resumed>) = 0 [ 226.752116][ T8800] exFAT-fs (loop2): Filesystem has been set read-only [ 226.778425][ T8806] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 226.782996][ T8807] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8809] set_robust_list(0x7f300ac489a0, 24 [pid 8808] rt_sigprocmask(SIG_SETMASK, [], [pid 8804] <... futex resumed>) = 1 [pid 8801] <... futex resumed>) = 0 [pid 8809] <... set_robust_list resumed>) = 0 [pid 8801] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8809] rt_sigprocmask(SIG_SETMASK, [], [pid 8801] <... futex resumed>) = 0 [pid 8809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8801] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8809] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8808] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8807] <... mount resumed>) = 0 [pid 8804] mkdir("./file2", 0777 [pid 5832] <... umount2 resumed>) = 0 [pid 8807] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8808] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./252/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8809] <... futex resumed>) = 0 [pid 8808] <... futex resumed>) = 1 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8809] memfd_create("syzkaller", 0 [pid 8808] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] newfstatat(AT_FDCWD, "./252/file1", [pid 8809] <... memfd_create resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./252/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8809] <... mmap resumed>) = 0x7f3002800000 [pid 5832] openat(AT_FDCWD, "./252/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8809] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8807] <... openat resumed>) = 3 [pid 8809] <... write resumed>) = 131072 [pid 5832] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./252/file1") = 0 [pid 8807] chdir("./file1" [pid 5832] umount2("./252/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8807] <... chdir resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./252/binderfs", [pid 8809] munmap(0x7f3002800000, 138412032 [pid 8807] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8806] <... mount resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8809] <... munmap resumed>) = 0 [pid 5832] unlink("./252/binderfs") = 0 [pid 8809] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8809] <... openat resumed>) = 4 [pid 5832] close(3 [pid 8809] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... close resumed>) = 0 [pid 8806] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] rmdir("./252" [pid 8806] <... openat resumed>) = 3 [pid 5832] <... rmdir resumed>) = 0 [pid 8807] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8804] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8807] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8806] chdir("./file1" [pid 8802] <... futex resumed>) = 0 [pid 5832] mkdir("./253", 0777 [pid 8807] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8806] <... chdir resumed>) = 0 [pid 8804] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8802] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... mkdir resumed>) = 0 [pid 8807] <... openat resumed>) = 4 [pid 8802] <... futex resumed>) = 0 [pid 8801] <... futex resumed>) = ? [pid 8807] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8802] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8807] <... futex resumed>) = 0 [pid 8807] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 8802] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8807] <... futex resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 8807] mkdir("./file2", 0777 [ 226.830592][ T8804] exFAT-fs (loop1): error, data size is invalid(9000) [ 226.837940][ T8804] exFAT-fs (loop1): Filesystem has been set read-only [ 226.870357][ T8809] loop4: detected capacity change from 0 to 256 [pid 8802] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8806] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] close(3 [pid 8806] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... close resumed>) = 0 [pid 8806] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8810 attached [pid 8806] <... futex resumed>) = 1 [pid 8803] <... futex resumed>) = 0 [pid 8806] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8803] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8810 [pid 8803] <... futex resumed>) = 0 [pid 8810] set_robust_list(0x55556b85b6a0, 24 [pid 8803] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8810] <... set_robust_list resumed>) = 0 [pid 8806] <... openat resumed>) = 4 [pid 8804] +++ killed by SIGSEGV +++ [pid 8801] +++ killed by SIGSEGV +++ [pid 8810] chdir("./253" [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8801, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 8810] <... chdir resumed>) = 0 [pid 8810] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8806] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] umount2("./260", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8810] <... prctl resumed>) = 0 [pid 8806] <... futex resumed>) = 1 [pid 8803] <... futex resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8810] setpgid(0, 0 [pid 8806] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8803] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8810] <... setpgid resumed>) = 0 [pid 8806] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8803] <... futex resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8806] mkdir("./file2", 0777 [pid 8803] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] newfstatat(3, "", [pid 8810] <... openat resumed>) = 3 [pid 8809] <... ioctl resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8810] write(3, "1000", 4 [pid 8809] close(3 [pid 5831] getdents64(3, [pid 8810] <... write resumed>) = 4 [pid 8809] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8810] close(3 [pid 8809] close(4 [pid 5831] umount2("./260/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8810] <... close resumed>) = 0 [pid 8809] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 8810] symlink("/dev/binderfs", "./binderfs" [pid 8809] mkdir("./file1", 0777 [pid 8810] <... symlink resumed>) = 0 [pid 8809] <... mkdir resumed>) = 0 [pid 8807] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5831] umount2("./260/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8807] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8802] <... futex resumed>) = ? [pid 5831] newfstatat(AT_FDCWD, "./260/file1", executing program [pid 8810] write(1, "executing program\n", 18 [pid 8809] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8807] +++ killed by SIGSEGV +++ [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./260/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./260/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8802] +++ killed by SIGSEGV +++ [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8802, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5831] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8810] <... write resumed>) = 18 [pid 5831] getdents64(4, [pid 8810] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8810] <... futex resumed>) = 0 [pid 5831] close(4 [pid 8810] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5831] <... close resumed>) = 0 [pid 8810] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5831] rmdir("./260/file1" [pid 8810] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... rmdir resumed>) = 0 [pid 8810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] umount2("./260/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8810] <... mmap resumed>) = 0x7f300ac28000 [pid 8810] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5831] newfstatat(AT_FDCWD, "./260/binderfs", [pid 8810] <... mprotect resumed>) = 0 [pid 8810] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./260/binderfs") = 0 [pid 8810] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 8810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5831] rmdir("./260" [ 226.883128][ T8807] exFAT-fs (loop0): error, data size is invalid(9000) [ 226.894558][ T8807] exFAT-fs (loop0): Filesystem has been set read-only [ 226.899471][ T8806] exFAT-fs (loop3): error, data size is invalid(9000) [pid 5830] umount2("./256", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8811 attached [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8811] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5830] openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8811] <... rseq resumed>) = 0 [pid 8811] set_robust_list(0x7f300ac489a0, 24 [pid 5830] <... openat resumed>) = 3 [pid 8811] <... set_robust_list resumed>) = 0 [pid 8811] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] newfstatat(3, "", [pid 8811] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8811] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8810] <... clone3 resumed> => {parent_tid=[8811]}, 88) = 8811 [pid 5831] mkdir("./261", 0777 [pid 5830] getdents64(3, [pid 8810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] umount2("./256/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8810] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8811] <... futex resumed>) = 0 [pid 8810] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8811] memfd_create("syzkaller", 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8811] <... memfd_create resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 8811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8803] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8803] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 8803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 5831] close(3 [pid 8803] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8811] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8803] <... mprotect resumed>) = 0 [pid 8803] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8803] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8811] <... write resumed>) = 131072 ./strace-static-x86_64: Process 8812 attached [pid 8811] munmap(0x7f3002800000, 138412032 [pid 8803] <... clone3 resumed> => {parent_tid=[8812]}, 88) = 8812 [pid 8812] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8803] rt_sigprocmask(SIG_SETMASK, [], [pid 8812] <... rseq resumed>) = 0 [pid 8803] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8812] set_robust_list(0x7f300ac279a0, 24 [pid 8803] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8812] <... set_robust_list resumed>) = 0 [pid 8811] <... munmap resumed>) = 0 [pid 8803] <... futex resumed>) = 0 [pid 8812] rt_sigprocmask(SIG_SETMASK, [], [pid 8811] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8803] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8812] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8806] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8812] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8806] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8812] <... ioctl resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556b85b690) = 8813 [pid 5830] umount2("./256/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8813 attached [pid 8813] set_robust_list(0x55556b85b6a0, 24 [pid 8812] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8813] <... set_robust_list resumed>) = 0 [pid 8812] <... futex resumed>) = 1 [pid 8803] <... futex resumed>) = 0 [pid 8813] chdir("./261" [pid 8812] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8813] <... chdir resumed>) = 0 [pid 8813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8813] setpgid(0, 0) = 0 [pid 8813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8812] <... futex resumed>) = ? [pid 8812] +++ killed by SIGSEGV +++ [pid 8813] write(3, "1000", 4 [pid 8806] +++ killed by SIGSEGV +++ [pid 8803] +++ killed by SIGSEGV +++ [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8813] <... write resumed>) = 4 [pid 5830] newfstatat(AT_FDCWD, "./256/file1", [pid 8813] close(3 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8803, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8813] <... close resumed>) = 0 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5830] umount2("./256/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8813] symlink("/dev/binderfs", "./binderfs" [pid 8811] <... openat resumed>) = 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8813] <... symlink resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./256/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 8813] write(1, "executing program\n", 18 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 8813] <... write resumed>) = 18 [pid 5830] newfstatat(4, "", [pid 8813] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8813] <... futex resumed>) = 0 [pid 5833] umount2("./259", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(4, [pid 8813] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8809] <... mount resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8813] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8811] ioctl(4, LOOP_SET_FD, 3 [ 226.941488][ T8806] exFAT-fs (loop3): Filesystem has been set read-only [ 226.973859][ T8809] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5833] openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] getdents64(4, [pid 8813] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8809] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] newfstatat(3, "", [pid 5830] close(4 [pid 8813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8809] <... openat resumed>) = 3 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... close resumed>) = 0 [pid 8813] <... mmap resumed>) = 0x7f300ac28000 [pid 5833] getdents64(3, [pid 5830] rmdir("./256/file1" [pid 8813] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8809] chdir("./file1" [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... rmdir resumed>) = 0 [pid 8813] <... mprotect resumed>) = 0 [pid 8809] <... chdir resumed>) = 0 [pid 5833] umount2("./259/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./256/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8813] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8811] <... ioctl resumed>) = 0 [pid 8809] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8813] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8811] close(3 [pid 8809] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] newfstatat(AT_FDCWD, "./256/binderfs", [pid 8813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8809] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8814 attached [pid 8809] <... futex resumed>) = 1 [pid 8808] <... futex resumed>) = 0 [pid 5833] umount2("./259/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] unlink("./256/binderfs" [pid 8814] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8813] <... clone3 resumed> => {parent_tid=[8814]}, 88) = 8814 [pid 8809] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8808] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... unlink resumed>) = 0 [pid 8814] <... rseq resumed>) = 0 [pid 8813] rt_sigprocmask(SIG_SETMASK, [], [pid 8808] <... futex resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./259/file1", [pid 5830] getdents64(3, [pid 8814] set_robust_list(0x7f300ac489a0, 24 [pid 8813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8809] <... openat resumed>) = 4 [pid 8808] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8814] <... set_robust_list resumed>) = 0 [pid 8813] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] umount2("./259/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(3 [pid 8814] rt_sigprocmask(SIG_SETMASK, [], [pid 8813] <... futex resumed>) = 0 [pid 8811] <... close resumed>) = 0 [pid 8809] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... close resumed>) = 0 [pid 8814] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8813] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8809] <... futex resumed>) = 1 [pid 8808] <... futex resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./259/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] rmdir("./256" [pid 8814] memfd_create("syzkaller", 0 [pid 8811] close(4 [pid 8809] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8808] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... openat resumed>) = 4 [pid 5830] <... rmdir resumed>) = 0 [pid 8814] <... memfd_create resumed>) = 3 [pid 8809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8808] <... futex resumed>) = 0 [pid 5833] newfstatat(4, "", [pid 5830] mkdir("./257", 0777 [pid 8814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8809] mkdir("./file2", 0777 [pid 8808] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8811] <... close resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 8814] <... mmap resumed>) = 0x7f3002800000 [pid 8811] mkdir("./file1", 0777 [pid 8814] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] getdents64(4, [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8811] <... mkdir resumed>) = 0 [pid 8809] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] <... openat resumed>) = 3 [pid 8811] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8814] <... write resumed>) = 131072 [pid 5833] getdents64(4, [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5833] close(4 [pid 5830] close(3 [pid 8814] munmap(0x7f3002800000, 138412032 [pid 5833] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8814] <... munmap resumed>) = 0 [pid 8809] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5833] rmdir("./259/file1" [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8815 attached [pid 8814] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8808] <... futex resumed>) = ? [pid 5833] <... rmdir resumed>) = 0 [pid 8815] set_robust_list(0x55556b85b6a0, 24 [pid 8814] <... openat resumed>) = 4 [pid 8809] +++ killed by SIGSEGV +++ [pid 8808] +++ killed by SIGSEGV +++ [ 227.010517][ T8811] loop2: detected capacity change from 0 to 256 [ 227.039670][ T8809] exFAT-fs (loop4): error, data size is invalid(9000) [ 227.049987][ T8809] exFAT-fs (loop4): Filesystem has been set read-only [pid 5833] umount2("./259/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8815] <... set_robust_list resumed>) = 0 [pid 8814] ioctl(4, LOOP_SET_FD, 3 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8808, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=0} --- [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8815 [pid 8815] chdir("./257") = 0 [pid 5833] newfstatat(AT_FDCWD, "./259/binderfs", [pid 8815] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8815] <... prctl resumed>) = 0 [pid 5833] unlink("./259/binderfs" [pid 8815] setpgid(0, 0 [pid 5833] <... unlink resumed>) = 0 [pid 8815] <... setpgid resumed>) = 0 [pid 5834] umount2("./257", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] getdents64(3, [pid 8815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8815] <... openat resumed>) = 3 [pid 5834] openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] close(3 [pid 8815] write(3, "1000", 4 [pid 5834] <... openat resumed>) = 3 [pid 5833] <... close resumed>) = 0 [pid 8815] <... write resumed>) = 4 [pid 5834] newfstatat(3, "", [pid 5833] rmdir("./259" [pid 8815] close(3 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8815] <... close resumed>) = 0 [pid 5834] getdents64(3, [pid 5833] mkdir("./260", 0777 [pid 8815] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] <... mkdir resumed>) = 0 executing program [pid 8815] <... symlink resumed>) = 0 [pid 5834] umount2("./257/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8816 attached [pid 8815] write(1, "executing program\n", 18 [pid 8814] <... ioctl resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8816 [pid 8815] <... write resumed>) = 18 [pid 8814] close(3 [pid 8816] set_robust_list(0x55556b85b6a0, 24 [pid 8815] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8814] <... close resumed>) = 0 [pid 8816] <... set_robust_list resumed>) = 0 [pid 8815] <... futex resumed>) = 0 [pid 8814] close(4 [pid 8816] chdir("./260" [pid 8815] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8816] <... chdir resumed>) = 0 [pid 8815] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8816] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8815] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8816] <... prctl resumed>) = 0 [pid 8815] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8816] setpgid(0, 0 [pid 8815] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8816] <... setpgid resumed>) = 0 [pid 8815] <... mmap resumed>) = 0x7f300ac28000 [pid 8816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8815] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8815] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8816] <... openat resumed>) = 3 [pid 8815] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8817 attached [pid 8816] write(3, "1000", 4 [pid 8815] <... clone3 resumed> => {parent_tid=[8817]}, 88) = 8817 [pid 8817] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8816] <... write resumed>) = 4 [pid 8815] rt_sigprocmask(SIG_SETMASK, [], [pid 8817] <... rseq resumed>) = 0 [pid 8816] close(3 [pid 8815] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8817] set_robust_list(0x7f300ac489a0, 24 [pid 8816] <... close resumed>) = 0 [pid 8815] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8817] <... set_robust_list resumed>) = 0 [pid 8816] symlink("/dev/binderfs", "./binderfs" [pid 8815] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = 0 [pid 8815] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8814] <... close resumed>) = 0 executing program [pid 8817] rt_sigprocmask(SIG_SETMASK, [], [pid 8816] <... symlink resumed>) = 0 [pid 8814] mkdir("./file1", 0777 [pid 8817] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8816] write(1, "executing program\n", 18 [pid 8814] <... mkdir resumed>) = 0 [pid 8817] memfd_create("syzkaller", 0 [pid 8816] <... write resumed>) = 18 [pid 8816] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8814] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5834] umount2("./257/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8816] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8817] <... memfd_create resumed>) = 3 [pid 8816] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5834] newfstatat(AT_FDCWD, "./257/file1", [pid 8817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8816] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8817] <... mmap resumed>) = 0x7f3002800000 [pid 8816] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5834] umount2("./257/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8817] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] openat(AT_FDCWD, "./257/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8816] <... mmap resumed>) = 0x7f300ac28000 [pid 5834] <... openat resumed>) = 4 [pid 8816] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] newfstatat(4, "", [pid 8816] <... mprotect resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8816] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] getdents64(4, [pid 8817] <... write resumed>) = 131072 [pid 8816] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] close(4./strace-static-x86_64: Process 8818 attached ) = 0 [pid 8818] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8817] munmap(0x7f3002800000, 138412032 [pid 8816] <... clone3 resumed> => {parent_tid=[8818]}, 88) = 8818 [pid 5834] rmdir("./257/file1" [pid 8816] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... rmdir resumed>) = 0 [pid 8818] <... rseq resumed>) = 0 [pid 8816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8817] <... munmap resumed>) = 0 [pid 8816] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8818] set_robust_list(0x7f300ac489a0, 24 [ 227.087904][ T8814] loop1: detected capacity change from 0 to 256 [ 227.115885][ T8811] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8816] <... futex resumed>) = 0 [pid 8818] <... set_robust_list resumed>) = 0 [pid 8816] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] umount2("./257/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8818] rt_sigprocmask(SIG_SETMASK, [], [pid 8817] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8817] <... openat resumed>) = 4 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8818] memfd_create("syzkaller", 0) = 3 [pid 8817] ioctl(4, LOOP_SET_FD, 3 [pid 5834] newfstatat(AT_FDCWD, "./257/binderfs", [pid 8818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8818] <... mmap resumed>) = 0x7f3002800000 [pid 5834] unlink("./257/binderfs" [pid 8818] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] <... unlink resumed>) = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] close(3) = 0 [pid 5834] rmdir("./257") = 0 [pid 5834] mkdir("./258", 0777) = 0 [pid 8818] <... write resumed>) = 131072 [pid 8811] <... mount resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 8811] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5834] ioctl(3, LOOP_CLR_FD) = 0 [pid 8811] chdir("./file1") = 0 [pid 5834] close(3 [pid 8818] munmap(0x7f3002800000, 138412032 [pid 8811] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8818] <... munmap resumed>) = 0 [pid 8811] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8818] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8811] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8818] ioctl(4, LOOP_SET_FD, 3 [pid 8811] <... futex resumed>) = 1 [pid 8810] <... futex resumed>) = 0 [pid 8811] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8810] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8817] <... ioctl resumed>) = 0 [pid 8810] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8817] close(3) = 0 [ 227.190292][ T8817] loop0: detected capacity change from 0 to 256 [ 227.215476][ T8814] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8817] close(4 [pid 5834] <... close resumed>) = 0 [pid 8818] <... ioctl resumed>) = 0 [pid 8817] <... close resumed>) = 0 [pid 8814] <... mount resumed>) = 0 [pid 8811] <... openat resumed>) = 4 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8817] mkdir("./file1", 0777 [pid 8814] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8811] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8817] <... mkdir resumed>) = 0 [pid 8814] <... openat resumed>) = 3 [pid 8811] <... futex resumed>) = 1 [pid 8810] <... futex resumed>) = 0 ./strace-static-x86_64: Process 8819 attached [pid 8818] close(3 [pid 8817] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8814] chdir("./file1" [pid 8811] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8810] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8819 [pid 8819] set_robust_list(0x55556b85b6a0, 24 [pid 8818] <... close resumed>) = 0 [pid 8814] <... chdir resumed>) = 0 [pid 8811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8810] <... futex resumed>) = 0 [pid 8819] <... set_robust_list resumed>) = 0 [pid 8818] close(4 [pid 8814] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8811] mkdir("./file2", 0777 [pid 8810] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8819] chdir("./258" [pid 8818] <... close resumed>) = 0 [pid 8814] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8814] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8819] <... chdir resumed>) = 0 [pid 8814] <... futex resumed>) = 1 [pid 8814] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 227.237001][ T8818] loop3: detected capacity change from 0 to 256 [pid 8819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8819] setpgid(0, 0 [pid 8818] mkdir("./file1", 0777 [pid 8819] <... setpgid resumed>) = 0 [pid 8818] <... mkdir resumed>) = 0 [pid 8813] <... futex resumed>) = 0 [pid 8819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8813] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8819] <... openat resumed>) = 3 [pid 8814] <... futex resumed>) = 0 [pid 8813] <... futex resumed>) = 1 [pid 8814] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8813] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8819] write(3, "1000", 4 [pid 8818] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8814] <... openat resumed>) = 4 [pid 8819] <... write resumed>) = 4 [pid 8819] close(3 [pid 8814] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8814] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8819] <... close resumed>) = 0 [pid 8819] symlink("/dev/binderfs", "./binderfs" [pid 8813] <... futex resumed>) = 0 [pid 8813] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8819] <... symlink resumed>) = 0 [pid 8814] <... futex resumed>) = 0 [pid 8813] <... futex resumed>) = 1 [ 227.271882][ T8811] exFAT-fs (loop2): error, data size is invalid(9000) [ 227.286273][ T8817] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8814] mkdir("./file2", 0777 [pid 8813] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8811] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8810] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8810] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program [pid 8819] write(1, "executing program\n", 18 [pid 8810] <... mmap resumed>) = 0x7f300ac07000 [pid 8819] <... write resumed>) = 18 [pid 8819] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8810] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8819] <... futex resumed>) = 0 [pid 8819] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8810] <... mprotect resumed>) = 0 [pid 8819] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8810] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8819] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8810] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8819] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} => {parent_tid=[8820]}, 88) = 8820 [pid 8810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8810] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8810] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 8820 attached [pid 8820] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8819] <... mmap resumed>) = 0x7f300ac28000 [pid 8817] <... mount resumed>) = 0 [pid 8820] <... rseq resumed>) = 0 [pid 8820] set_robust_list(0x7f300ac279a0, 24) = 0 [pid 8819] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8811] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 227.321351][ T8811] exFAT-fs (loop2): Filesystem has been set read-only [ 227.325180][ T8814] exFAT-fs (loop1): error, data size is invalid(9000) [ 227.341653][ T8818] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8819] <... mprotect resumed>) = 0 [pid 8817] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8819] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8820] +++ killed by SIGSEGV +++ [pid 8819] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8821 attached [pid 8817] chdir("./file1" [pid 8813] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8811] +++ killed by SIGSEGV +++ [pid 8810] <... futex resumed>) = ? [pid 8819] <... clone3 resumed> => {parent_tid=[8821]}, 88) = 8821 [pid 8813] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8821] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8819] rt_sigprocmask(SIG_SETMASK, [], [pid 8817] <... chdir resumed>) = 0 [pid 8813] <... futex resumed>) = 0 [pid 8810] +++ killed by SIGSEGV +++ [pid 8819] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8810, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8821] <... rseq resumed>) = 0 [pid 8819] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8813] <... mmap resumed>) = 0x7f300ac07000 [pid 8821] set_robust_list(0x7f300ac489a0, 24 [pid 8819] <... futex resumed>) = 0 [pid 8813] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8821] <... set_robust_list resumed>) = 0 [pid 8819] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8817] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8813] <... mprotect resumed>) = 0 [pid 5832] umount2("./253", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8821] rt_sigprocmask(SIG_SETMASK, [], [pid 8817] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8813] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8821] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8817] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8813] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8817] <... futex resumed>) = 1 [pid 8815] <... futex resumed>) = 0 [pid 8821] memfd_create("syzkaller", 0 [pid 8817] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8815] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5832] openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8821] <... memfd_create resumed>) = 3 [pid 8817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8814] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] <... openat resumed>) = 3 [pid 8813] <... clone3 resumed> => {parent_tid=[8822]}, 88) = 8822 ./strace-static-x86_64: Process 8822 attached [pid 8821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8813] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] newfstatat(3, "", [pid 8813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8817] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8815] <... futex resumed>) = 0 [pid 8814] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8813] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(3, [pid 8821] <... mmap resumed>) = 0x7f3002800000 [pid 8815] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8813] <... futex resumed>) = ? [pid 8822] +++ killed by SIGSEGV +++ [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8821] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8818] <... mount resumed>) = 0 [pid 8814] +++ killed by SIGSEGV +++ [pid 8813] +++ killed by SIGSEGV +++ [pid 5832] umount2("./253/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8813, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8818] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8817] <... openat resumed>) = 4 [ 227.370981][ T8814] exFAT-fs (loop1): Filesystem has been set read-only [pid 8818] chdir("./file1" [pid 8817] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8818] <... chdir resumed>) = 0 [pid 8817] <... futex resumed>) = 1 [pid 8815] <... futex resumed>) = 0 [pid 8818] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8817] mkdir("./file2", 0777 [pid 8815] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8821] <... write resumed>) = 131072 [pid 8818] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8815] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./253/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8818] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8815] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./261", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(AT_FDCWD, "./253/file1", [pid 8818] <... futex resumed>) = 1 [pid 8818] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8821] munmap(0x7f3002800000, 138412032 [pid 8816] <... futex resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8821] <... munmap resumed>) = 0 [pid 8816] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./253/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8816] <... futex resumed>) = 1 [pid 8816] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... openat resumed>) = 3 [pid 8818] <... futex resumed>) = 0 [pid 8818] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8818] <... openat resumed>) = 4 [pid 8818] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8816] <... futex resumed>) = 0 [pid 8816] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8816] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8818] mkdir("./file2", 0777 [pid 5832] openat(AT_FDCWD, "./253/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] newfstatat(3, "", [pid 5832] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] newfstatat(4, "", [pid 5831] getdents64(3, [pid 8821] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8821] <... openat resumed>) = 4 [pid 5832] getdents64(4, [ 227.428497][ T8817] exFAT-fs (loop0): error, data size is invalid(9000) [ 227.448780][ T8817] exFAT-fs (loop0): Filesystem has been set read-only [ 227.459617][ T8818] exFAT-fs (loop3): error, data size is invalid(9000) [pid 5831] umount2("./261/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8821] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, [pid 8817] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8817] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8815] <... futex resumed>) = ? [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5832] close(4 [pid 5831] umount2("./261/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8821] <... ioctl resumed>) = 0 [pid 5832] rmdir("./253/file1" [pid 8821] close(3 [pid 8817] +++ killed by SIGSEGV +++ [pid 8815] +++ killed by SIGSEGV +++ [pid 5832] <... rmdir resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./261/file1", [pid 5832] umount2("./253/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8821] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8821] close(4 [pid 5832] newfstatat(AT_FDCWD, "./253/binderfs", [pid 8821] <... close resumed>) = 0 [pid 5831] umount2("./261/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8815, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8821] mkdir("./file1", 0777 [pid 5832] unlink("./253/binderfs" [pid 5830] umount2("./257", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8821] <... mkdir resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./261/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8821] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5832] getdents64(3, [pid 5830] openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... openat resumed>) = 4 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8816] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] close(3 [pid 5831] newfstatat(4, "", [pid 5830] <... openat resumed>) = 3 [pid 8816] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] newfstatat(3, "", [pid 5832] <... close resumed>) = 0 [pid 8816] <... futex resumed>) = 0 [pid 5832] rmdir("./253" [pid 5831] getdents64(4, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(3, [pid 5832] mkdir("./254", 0777 [pid 8816] <... mmap resumed>) = 0x7f300ac07000 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8816] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8816] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... mkdir resumed>) = 0 [pid 5831] getdents64(4, [pid 5830] umount2("./257/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8816] <... rt_sigprocmask resumed>[], 8) = 0 [ 227.477903][ T8821] loop4: detected capacity change from 0 to 256 [ 227.481107][ T8818] exFAT-fs (loop3): Filesystem has been set read-only [pid 8816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5832] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] close(4 [pid 5830] umount2("./257/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... ioctl resumed>) = 0 [pid 8816] <... clone3 resumed> => {parent_tid=[8823]}, 88) = 8823 [pid 5832] close(3 [pid 5831] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8823 attached [pid 8816] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] newfstatat(AT_FDCWD, "./257/file1", [pid 8816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] rmdir("./261/file1" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] umount2("./257/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8816] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8816] <... futex resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./257/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8816] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... openat resumed>) = 4 [pid 8823] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 8823] <... rseq resumed>) = 0 [pid 8823] set_robust_list(0x7f300ac279a0, 24 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8823] <... set_robust_list resumed>) = 0 [pid 5830] getdents64(4, [pid 5831] umount2("./261/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8824 attached [pid 8823] rt_sigprocmask(SIG_SETMASK, [], [pid 8818] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8824 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8823] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8823] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] newfstatat(AT_FDCWD, "./261/binderfs", [pid 5830] close(4 [pid 8824] set_robust_list(0x55556b85b6a0, 24 [pid 8823] <... ioctl resumed>) = 0 [pid 8818] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... close resumed>) = 0 [pid 8824] <... set_robust_list resumed>) = 0 [pid 5831] unlink("./261/binderfs" [pid 5830] rmdir("./257/file1" [pid 8816] <... futex resumed>) = ? [pid 8824] chdir("./254" [pid 8823] +++ killed by SIGSEGV +++ [pid 8821] <... mount resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8824] <... chdir resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] umount2("./257/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8818] +++ killed by SIGSEGV +++ [pid 8816] +++ killed by SIGSEGV +++ [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8824] setpgid(0, 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8816, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5831] close(3 [pid 5830] newfstatat(AT_FDCWD, "./257/binderfs", [pid 8824] <... setpgid resumed>) = 0 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] rmdir("./261" [pid 5833] <... restart_syscall resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] unlink("./257/binderfs" [pid 5831] mkdir("./262", 0777 [pid 5830] <... unlink resumed>) = 0 [pid 5833] umount2("./260", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", [pid 5831] <... mkdir resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 8821] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] getdents64(3, [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8821] <... openat resumed>) = 3 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8824] <... openat resumed>) = 3 [pid 8821] chdir("./file1" [pid 5833] umount2("./260/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5830] close(3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... close resumed>) = 0 [pid 8824] write(3, "1000", 4 [pid 8821] <... chdir resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] rmdir("./257" [pid 8824] <... write resumed>) = 4 [pid 8821] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] close(3 [pid 5830] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] mkdir("./258", 0777 [pid 8821] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... mkdir resumed>) = 0 [pid 8824] close(3 [pid 8821] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8824] <... close resumed>) = 0 ./strace-static-x86_64: Process 8825 attached [pid 8824] symlink("/dev/binderfs", "./binderfs" [pid 5833] umount2("./260/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8825 [pid 5830] <... openat resumed>) = 3 [pid 5833] newfstatat(AT_FDCWD, "./260/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8824] <... symlink resumed>) = 0 [pid 5833] umount2("./260/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./260/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8825] set_robust_list(0x55556b85b6a0, 24 [ 227.538483][ T8821] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5833] getdents64(4, executing program [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8825] <... set_robust_list resumed>) = 0 [pid 8824] write(1, "executing program\n", 18 [pid 8821] <... futex resumed>) = 1 [pid 8819] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] close(4 [pid 8819] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... close resumed>) = 0 [pid 8824] <... write resumed>) = 18 [pid 5833] rmdir("./260/file1" [pid 8824] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8821] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8819] <... futex resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 8824] <... futex resumed>) = 0 [pid 8819] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] umount2("./260/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8824] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8821] <... openat resumed>) = 4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] close(3 [pid 8824] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8825] chdir("./262" [pid 5833] newfstatat(AT_FDCWD, "./260/binderfs", [pid 8825] <... chdir resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8825] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] unlink("./260/binderfs" [pid 8825] <... prctl resumed>) = 0 [pid 8824] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] <... unlink resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8824] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8821] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8825] setpgid(0, 0 [pid 8824] <... mmap resumed>) = 0x7f300ac28000 [pid 8821] <... futex resumed>) = 1 [pid 8819] <... futex resumed>) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8825] <... setpgid resumed>) = 0 [pid 5833] close(3executing program [pid 8825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8824] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8821] mkdir("./file2", 0777 [pid 8819] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8819] <... futex resumed>) = 0 [pid 5833] rmdir("./260") = 0 [pid 8825] <... openat resumed>) = 3 [pid 8819] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] mkdir("./261", 0777) = 0 [pid 8825] write(3, "1000", 4) = 4 [pid 8825] close(3) = 0 [pid 8825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 8826 attached ) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8825] write(1, "executing program\n", 18 [pid 5833] <... ioctl resumed>) = 0 [pid 8825] <... write resumed>) = 18 [pid 8825] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] close(3 [pid 8825] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] <... close resumed>) = 0 [pid 8825] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8827 attached [pid 8826] set_robust_list(0x55556b85b6a0, 24 [pid 8825] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8826] <... set_robust_list resumed>) = 0 [pid 8825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8824] <... mprotect resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8826 [pid 8827] set_robust_list(0x55556b85b6a0, 24 [pid 8826] chdir("./258" [pid 8825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8824] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8827 [pid 8827] <... set_robust_list resumed>) = 0 [pid 8826] <... chdir resumed>) = 0 [pid 8825] <... mmap resumed>) = 0x7f300ac28000 [pid 8824] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8825] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8825] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8827] chdir("./261" [pid 8826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8825] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8827] <... chdir resumed>) = 0 [pid 8826] setpgid(0, 0 [pid 8825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8828 attached [pid 8827] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8826] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 8829 attached [pid 8827] <... prctl resumed>) = 0 [pid 8826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8825] <... clone3 resumed> => {parent_tid=[8829]}, 88) = 8829 [pid 8827] setpgid(0, 0 [pid 8826] <... openat resumed>) = 3 [pid 8825] rt_sigprocmask(SIG_SETMASK, [], [pid 8824] <... clone3 resumed> => {parent_tid=[8828]}, 88) = 8828 [pid 8829] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8828] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8827] <... setpgid resumed>) = 0 [pid 8826] write(3, "1000", 4 [pid 8825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8829] <... rseq resumed>) = 0 [pid 8828] <... rseq resumed>) = 0 [pid 8827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8826] <... write resumed>) = 4 [pid 8824] rt_sigprocmask(SIG_SETMASK, [], [pid 8829] set_robust_list(0x7f300ac489a0, 24 [pid 8828] set_robust_list(0x7f300ac489a0, 24 [pid 8827] <... openat resumed>) = 3 [pid 8826] close(3 [pid 8825] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8829] <... set_robust_list resumed>) = 0 [pid 8828] <... set_robust_list resumed>) = 0 [pid 8827] write(3, "1000", 4 [pid 8826] <... close resumed>) = 0 executing program executing program [pid 8825] <... futex resumed>) = 0 [pid 8829] rt_sigprocmask(SIG_SETMASK, [], [pid 8828] rt_sigprocmask(SIG_SETMASK, [], [pid 8826] symlink("/dev/binderfs", "./binderfs" [pid 8825] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8824] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8827] <... write resumed>) = 4 [pid 8826] <... symlink resumed>) = 0 [pid 8829] memfd_create("syzkaller", 0 [pid 8828] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8827] close(3) = 0 [pid 8827] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8829] <... memfd_create resumed>) = 3 [pid 8827] write(1, "executing program\n", 18 [pid 8826] write(1, "executing program\n", 18 [pid 8824] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8824] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8828] <... futex resumed>) = 0 [pid 8826] <... write resumed>) = 18 [pid 8829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8828] memfd_create("syzkaller", 0 [pid 8826] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8829] <... mmap resumed>) = 0x7f3002800000 [pid 8828] <... memfd_create resumed>) = 3 [pid 8827] <... write resumed>) = 18 [pid 8826] <... futex resumed>) = 0 [pid 8829] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8827] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8826] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8828] <... mmap resumed>) = 0x7f3002800000 [pid 8827] <... futex resumed>) = 0 [pid 8826] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8828] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8827] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8826] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8827] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8827] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8826] <... mmap resumed>) = 0x7f300ac28000 [pid 8829] <... write resumed>) = 131072 [pid 8827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8828] <... write resumed>) = 131072 [pid 8827] <... mmap resumed>) = 0x7f300ac28000 [pid 8826] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8821] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8819] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8819] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8821] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8819] <... futex resumed>) = 0 [pid 8826] <... mprotect resumed>) = 0 [pid 8819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8829] munmap(0x7f3002800000, 138412032 [pid 8827] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8826] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8819] <... mmap resumed>) = 0x7f300ac07000 [pid 8819] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = ? [pid 8829] <... munmap resumed>) = 0 [pid 8828] munmap(0x7f3002800000, 138412032 [pid 8827] <... mprotect resumed>) = 0 [pid 8826] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8828] <... munmap resumed>) = 0 [pid 8827] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8821] +++ killed by SIGSEGV +++ [pid 8819] +++ killed by SIGSEGV +++ [ 227.626045][ T8821] exFAT-fs (loop4): error, data size is invalid(9000) [ 227.656257][ T8821] exFAT-fs (loop4): Filesystem has been set read-only ./strace-static-x86_64: Process 8830 attached [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8819, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8828] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8827] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8827] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8830] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053./strace-static-x86_64: Process 8831 attached ) = 0 [pid 8829] <... openat resumed>) = 4 [pid 8828] <... openat resumed>) = 4 [pid 5834] umount2("./258", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8831] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8830] set_robust_list(0x7f300ac489a0, 24 [pid 8829] ioctl(4, LOOP_SET_FD, 3 [pid 8828] ioctl(4, LOOP_SET_FD, 3 [pid 8827] <... clone3 resumed> => {parent_tid=[8831]}, 88) = 8831 [pid 8826] <... clone3 resumed> => {parent_tid=[8830]}, 88) = 8830 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8830] <... set_robust_list resumed>) = 0 [pid 8830] rt_sigprocmask(SIG_SETMASK, [], [pid 8827] rt_sigprocmask(SIG_SETMASK, [], [pid 8826] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8831] <... rseq resumed>) = 0 [pid 8827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... openat resumed>) = 3 [pid 8830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8831] set_robust_list(0x7f300ac489a0, 24 [pid 8827] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8826] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8831] <... set_robust_list resumed>) = 0 [pid 8827] <... futex resumed>) = 0 [pid 8826] <... futex resumed>) = 0 [pid 8831] rt_sigprocmask(SIG_SETMASK, [], [pid 8827] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8826] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8830] memfd_create("syzkaller", 0 [pid 5834] newfstatat(3, "", [pid 8831] memfd_create("syzkaller", 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8831] <... memfd_create resumed>) = 3 [pid 8831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8831] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8830] <... memfd_create resumed>) = 3 [pid 5834] getdents64(3, [pid 8830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8831] <... write resumed>) = 131072 [pid 8830] <... mmap resumed>) = 0x7f3002800000 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8831] munmap(0x7f3002800000, 138412032) = 0 [pid 8830] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8829] <... ioctl resumed>) = 0 [pid 8828] <... ioctl resumed>) = 0 [pid 5834] umount2("./258/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8828] close(3 [pid 8829] close(3 [pid 8828] <... close resumed>) = 0 [pid 8831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8829] <... close resumed>) = 0 [pid 8828] close(4) = 0 [pid 8829] close(4 [pid 8828] mkdir("./file1", 0777 [pid 8831] <... openat resumed>) = 4 [pid 8828] <... mkdir resumed>) = 0 [pid 8829] <... close resumed>) = 0 [pid 8829] mkdir("./file1", 0777) = 0 [pid 8831] ioctl(4, LOOP_SET_FD, 3 [pid 8830] <... write resumed>) = 131072 [pid 8828] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5834] <... umount2 resumed>) = 0 [pid 8830] munmap(0x7f3002800000, 138412032 [pid 8829] mount("/dev/loop1", "./file1", "exfat", 0, "" [ 227.720811][ T8828] loop2: detected capacity change from 0 to 256 [ 227.727527][ T8829] loop1: detected capacity change from 0 to 256 [pid 5834] umount2("./258/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8830] <... munmap resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./258/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8830] ioctl(4, LOOP_SET_FD, 3 [pid 5834] umount2("./258/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./258/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8831] <... ioctl resumed>) = 0 [pid 8830] <... ioctl resumed>) = 0 [pid 5834] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(4, [pid 8831] close(3) = 0 [pid 8831] close(4) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8831] mkdir("./file1", 0777 [pid 5834] getdents64(4, [pid 8831] <... mkdir resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8830] close(3 [pid 5834] close(4 [pid 8830] <... close resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5834] rmdir("./258/file1" [pid 8830] close(4) = 0 [pid 8830] mkdir("./file1", 0777 [pid 8831] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8830] <... mkdir resumed>) = 0 [pid 8830] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5834] <... rmdir resumed>) = 0 [ 227.772088][ T8831] loop3: detected capacity change from 0 to 256 [ 227.783608][ T8830] loop0: detected capacity change from 0 to 256 [ 227.805106][ T8828] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5834] umount2("./258/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8828] <... mount resumed>) = 0 [pid 5834] unlink("./258/binderfs") = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] close(3 [pid 8831] <... mount resumed>) = 0 [pid 8828] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] <... close resumed>) = 0 [pid 8831] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8828] <... openat resumed>) = 3 [pid 8831] <... openat resumed>) = 3 [pid 8828] chdir("./file1" [pid 5834] rmdir("./258" [pid 8831] chdir("./file1" [pid 8828] <... chdir resumed>) = 0 [pid 8831] <... chdir resumed>) = 0 [pid 8828] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8828] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8831] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8828] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... rmdir resumed>) = 0 [pid 8831] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8828] <... futex resumed>) = 1 [pid 5834] mkdir("./259", 0777 [pid 8831] <... futex resumed>) = 1 [pid 8828] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8827] <... futex resumed>) = 0 [pid 8824] <... futex resumed>) = 0 [pid 8831] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8827] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... mkdir resumed>) = 0 [pid 8824] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8827] <... futex resumed>) = 0 [pid 8828] <... futex resumed>) = 0 [pid 8827] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8824] <... futex resumed>) = 1 [pid 8831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8828] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8824] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8831] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 227.822490][ T8831] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 227.836969][ T8829] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 8829] <... mount resumed>) = 0 [pid 5834] ioctl(3, LOOP_CLR_FD) = 0 [pid 8831] <... openat resumed>) = 4 [pid 8828] <... openat resumed>) = 4 [pid 8828] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8831] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8829] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8828] <... futex resumed>) = 1 [pid 8824] <... futex resumed>) = 0 [pid 5834] close(3 [pid 8824] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8831] <... futex resumed>) = 1 [pid 8828] mkdir("./file2", 0777 [pid 8827] <... futex resumed>) = 0 [pid 8824] <... futex resumed>) = 0 [pid 8831] mkdir("./file2", 0777 [pid 8829] <... openat resumed>) = 3 [pid 8827] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8824] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... close resumed>) = 0 [pid 8829] chdir("./file1") = 0 [pid 8827] <... futex resumed>) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 227.883780][ T8830] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 227.901025][ T8828] exFAT-fs (loop2): error, data size is invalid(9000) [ 227.910723][ T8831] exFAT-fs (loop3): error, data size is invalid(9000) [ 227.917609][ T8831] exFAT-fs (loop3): Filesystem has been set read-only [pid 8827] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8829] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 8832 attached ) = -1 EBUSY (Device or resource busy) [pid 8830] <... mount resumed>) = 0 [pid 8830] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8832] set_robust_list(0x55556b85b6a0, 24 [pid 8830] chdir("./file1" [pid 8829] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8830] <... chdir resumed>) = 0 [pid 8830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8830] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8826] <... futex resumed>) = 0 [pid 8830] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8826] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8832] <... set_robust_list resumed>) = 0 [pid 8829] <... futex resumed>) = 1 [pid 8826] <... futex resumed>) = 0 [pid 8826] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8832] chdir("./259" [pid 8829] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8832] <... chdir resumed>) = 0 [pid 8830] <... openat resumed>) = 4 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8832 [pid 8832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8830] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8825] <... futex resumed>) = 0 [pid 8832] setpgid(0, 0) = 0 [pid 8830] <... futex resumed>) = 1 [pid 8826] <... futex resumed>) = 0 [pid 8825] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8830] mkdir("./file2", 0777 [pid 8829] <... futex resumed>) = 0 [pid 8826] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8825] <... futex resumed>) = 1 [pid 8832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8829] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8826] <... futex resumed>) = 0 [pid 8825] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8824] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8829] <... openat resumed>) = 4 [pid 8826] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8824] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8832] write(3, "1000", 4 [pid 8824] <... futex resumed>) = 0 [pid 8832] <... write resumed>) = 4 [pid 8824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8832] close(3) = 0 [pid 8824] <... mmap resumed>) = 0x7f300ac07000 [pid 8832] symlink("/dev/binderfs", "./binderfs" [pid 8824] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8831] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8829] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8828] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8832] <... symlink resumed>) = 0 [pid 8831] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8829] <... futex resumed>) = 1 [pid 8828] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8825] <... futex resumed>) = 0 [pid 8824] <... mprotect resumed>) = ? [pid 8829] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8827] <... futex resumed>) = ? [pid 8825] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8829] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8828] +++ killed by SIGSEGV +++ [pid 8829] mkdir("./file2", 0777 [pid 8825] <... futex resumed>) = 0 [pid 8832] write(1, "executing program\n", 18 [pid 8825] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 8832] <... write resumed>) = 18 [pid 8831] +++ killed by SIGSEGV +++ [pid 8827] +++ killed by SIGSEGV +++ [pid 8824] +++ killed by SIGSEGV +++ [pid 8832] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8827, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8824, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 8832] <... futex resumed>) = 0 [pid 8832] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] umount2("./261", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./261/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./261/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./261/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./261/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 227.938822][ T8828] exFAT-fs (loop2): Filesystem has been set read-only [ 227.956935][ T8830] exFAT-fs (loop0): error, data size is invalid(9000) [ 227.974790][ T8829] exFAT-fs (loop1): error, data size is invalid(9000) [pid 5833] openat(AT_FDCWD, "./261/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8832] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... openat resumed>) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./261/file1") = 0 [pid 5833] umount2("./261/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./261/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./261/binderfs") = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./261") = 0 [pid 5833] mkdir("./262", 0777 [pid 8832] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8829] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] <... mkdir resumed>) = 0 [pid 8832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8832] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] <... openat resumed>) = 3 [pid 8832] <... mprotect resumed>) = 0 [pid 5832] umount2("./254", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8832] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... ioctl resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8832] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8829] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8825] <... futex resumed>) = ? [pid 5833] close(3 [pid 5832] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8833 attached [pid 8829] +++ killed by SIGSEGV +++ [pid 8825] +++ killed by SIGSEGV +++ [pid 8832] <... clone3 resumed> => {parent_tid=[8833]}, 88) = 8833 [pid 8833] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8832] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... close resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8825, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8833] <... rseq resumed>) = 0 [pid 8826] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8833] set_robust_list(0x7f300ac489a0, 24 [pid 8832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8826] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 8834 attached [pid 8833] <... set_robust_list resumed>) = 0 [pid 8832] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8826] <... futex resumed>) = 0 [pid 8833] rt_sigprocmask(SIG_SETMASK, [], [pid 8832] <... futex resumed>) = 0 [pid 8830] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] getdents64(3, [pid 8834] set_robust_list(0x55556b85b6a0, 24 [pid 8833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8832] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8830] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8826] <... mmap resumed>) = 0x7f300ac07000 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8834 [pid 5831] <... restart_syscall resumed>) = 0 [pid 8834] <... set_robust_list resumed>) = 0 [pid 8833] memfd_create("syzkaller", 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8834] chdir("./262" [pid 8833] <... memfd_create resumed>) = 3 [pid 5832] umount2("./254/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8834] <... chdir resumed>) = 0 [pid 8833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8830] +++ killed by SIGSEGV +++ [pid 8826] +++ killed by SIGSEGV +++ [pid 8833] <... mmap resumed>) = 0x7f3002800000 [pid 8834] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8833] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8826, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] umount2("./262", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8834] <... prctl resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./258", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8834] setpgid(0, 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] newfstatat(3, "", [pid 8834] <... setpgid resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] newfstatat(3, "", [pid 5831] getdents64(3, [pid 8834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./262/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = 0 [pid 5830] getdents64(3, [pid 8834] <... openat resumed>) = 3 [pid 8833] <... write resumed>) = 131072 [pid 5832] umount2("./254/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] newfstatat(AT_FDCWD, "./254/file1", [ 227.999464][ T8830] exFAT-fs (loop0): Filesystem has been set read-only [ 228.003851][ T8829] exFAT-fs (loop1): Filesystem has been set read-only [pid 8834] write(3, "1000", 4 [pid 8833] munmap(0x7f3002800000, 138412032 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] umount2("./258/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8834] <... write resumed>) = 4 [pid 8833] <... munmap resumed>) = 0 [pid 5832] umount2("./254/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./262/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8834] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8834] <... close resumed>) = 0 [pid 8833] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] openat(AT_FDCWD, "./254/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] newfstatat(AT_FDCWD, "./262/file1", [pid 8834] symlink("/dev/binderfs", "./binderfs" [pid 8833] <... openat resumed>) = 4 [pid 5832] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8834] <... symlink resumed>) = 0 [pid 8833] ioctl(4, LOOP_SET_FD, 3 [pid 5832] newfstatat(4, "", [pid 5831] umount2("./262/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5830] <... umount2 resumed>) = 0 [pid 8834] write(1, "executing program\n", 18 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./258/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8834] <... write resumed>) = 18 [pid 5831] openat(AT_FDCWD, "./262/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8834] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... openat resumed>) = 4 [pid 5830] newfstatat(AT_FDCWD, "./258/file1", [pid 8834] <... futex resumed>) = 0 [pid 5832] getdents64(4, [pid 5831] newfstatat(4, "", [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8834] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 5831] getdents64(4, [pid 5830] umount2("./258/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] close(4 [pid 5831] getdents64(4, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] close(4 [pid 8834] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./258/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] rmdir("./254/file1" [pid 5831] rmdir("./262/file1" [pid 8834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 8834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] umount2("./254/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./262/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(4, "", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./254/binderfs", [pid 5831] newfstatat(AT_FDCWD, "./262/binderfs", [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8834] <... mmap resumed>) = 0x7f300ac28000 [pid 5831] unlink("./262/binderfs" [pid 5830] getdents64(4, [pid 8834] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5832] unlink("./254/binderfs" [pid 5831] <... unlink resumed>) = 0 [pid 8834] <... mprotect resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8834] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] getdents64(3, [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(4, [pid 8834] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] close(3 [pid 5831] <... close resumed>) = 0 [pid 5830] close(4./strace-static-x86_64: Process 8835 attached [pid 5832] <... close resumed>) = 0 [pid 5831] rmdir("./262" [pid 8835] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8834] <... clone3 resumed> => {parent_tid=[8835]}, 88) = 8835 [pid 5832] rmdir("./254" [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8835] <... rseq resumed>) = 0 [pid 8834] rt_sigprocmask(SIG_SETMASK, [], [pid 8833] <... ioctl resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] mkdir("./263", 0777 [pid 8835] set_robust_list(0x7f300ac489a0, 24 [pid 8834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] mkdir("./255", 0777 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] rmdir("./258/file1" [pid 8834] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... mkdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8835] <... set_robust_list resumed>) = 0 [pid 8834] <... futex resumed>) = 0 [pid 8833] close(3 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... rmdir resumed>) = 0 [pid 8834] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... ioctl resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8835] rt_sigprocmask(SIG_SETMASK, [], [pid 8833] <... close resumed>) = 0 [pid 5830] umount2("./258/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8836 attached [pid 8835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8833] close(4 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8833] <... close resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8836] set_robust_list(0x55556b85b6a0, 24 [pid 8835] memfd_create("syzkaller", 0 [pid 8833] mkdir("./file1", 0777 [pid 5832] close(3 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8836 [pid 5830] newfstatat(AT_FDCWD, "./258/binderfs", [pid 8836] <... set_robust_list resumed>) = 0 [pid 8835] <... memfd_create resumed>) = 3 [pid 8833] <... mkdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8836] chdir("./263") = 0 [pid 8836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8836] setpgid(0, 0) = 0 [pid 8836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8837 attached [pid 8836] write(3, "1000", 4) = 4 [pid 8836] close(3) = 0 [pid 8836] symlink("/dev/binderfs", "./binderfs" [pid 5830] unlink("./258/binderfs" [pid 8835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8833] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8837] set_robust_list(0x55556b85b6a0, 24 [pid 8836] <... symlink resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 8837] <... set_robust_list resumed>) = 0 [pid 5830] getdents64(3, executing program [pid 8837] chdir("./255" [pid 8836] write(1, "executing program\n", 18 [pid 8835] <... mmap resumed>) = 0x7f3002800000 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8837 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8836] <... write resumed>) = 18 [pid 8837] <... chdir resumed>) = 0 [pid 8836] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] close(3 [pid 8837] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8836] <... futex resumed>) = 0 [pid 8837] <... prctl resumed>) = 0 [pid 8836] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5830] <... close resumed>) = 0 [pid 8837] setpgid(0, 0 [pid 8836] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] rmdir("./258" [pid 8837] <... setpgid resumed>) = 0 [pid 8836] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] mkdir("./259", 0777 [pid 8836] <... mmap resumed>) = 0x7f300ac28000 [ 228.067821][ T8833] loop4: detected capacity change from 0 to 256 [pid 8837] <... openat resumed>) = 3 [pid 8836] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8835] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5830] <... mkdir resumed>) = 0 [pid 8836] <... mprotect resumed>) = 0 [pid 8837] write(3, "1000", 4) = 4 [pid 8836] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8837] close(3) = 0 [pid 8837] symlink("/dev/binderfs", "./binderfs" [pid 8836] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8837] <... symlink resumed>) = 0 [pid 8836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}executing program [pid 8837] write(1, "executing program\n", 18) = 18 [pid 8836] <... clone3 resumed> => {parent_tid=[8838]}, 88) = 8838 [pid 8837] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8836] rt_sigprocmask(SIG_SETMASK, [], [pid 8837] <... futex resumed>) = 0 [pid 8836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8837] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8836] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8837] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8836] <... futex resumed>) = 0 [pid 8837] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8836] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8837] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8837] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 8838 attached [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8839 attached [pid 8838] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5830] <... openat resumed>) = 3 [pid 8839] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8838] <... rseq resumed>) = 0 [pid 8839] <... rseq resumed>) = 0 [pid 8838] set_robust_list(0x7f300ac489a0, 24 [pid 8837] <... clone3 resumed> => {parent_tid=[8839]}, 88) = 8839 [pid 8835] <... write resumed>) = 131072 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8839] set_robust_list(0x7f300ac489a0, 24 [pid 8838] <... set_robust_list resumed>) = 0 [pid 8837] rt_sigprocmask(SIG_SETMASK, [], [pid 8838] rt_sigprocmask(SIG_SETMASK, [], [pid 8837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 8837] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8837] <... futex resumed>) = 0 [pid 5830] close(3 [pid 8839] <... set_robust_list resumed>) = 0 [pid 8837] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8839] memfd_create("syzkaller", 0 [pid 5830] <... close resumed>) = 0 [pid 8839] <... memfd_create resumed>) = 3 [pid 8838] memfd_create("syzkaller", 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8835] munmap(0x7f3002800000, 138412032 [pid 8838] <... memfd_create resumed>) = 3 [pid 8839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8839] <... mmap resumed>) = 0x7f3002800000 [pid 8838] <... mmap resumed>) = 0x7f3002800000 [pid 8839] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8835] <... munmap resumed>) = 0 [pid 8838] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072./strace-static-x86_64: Process 8840 attached [pid 8840] set_robust_list(0x55556b85b6a0, 24 [pid 8839] <... write resumed>) = 131072 [pid 8838] <... write resumed>) = 131072 [pid 8835] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8840 [pid 8839] munmap(0x7f3002800000, 138412032) = 0 [pid 8839] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 228.136470][ T8833] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8839] ioctl(4, LOOP_SET_FD, 3 [pid 8840] <... set_robust_list resumed>) = 0 [pid 8838] munmap(0x7f3002800000, 138412032 [pid 8835] <... openat resumed>) = 4 [pid 8840] chdir("./259" [pid 8835] ioctl(4, LOOP_SET_FD, 3 [pid 8838] <... munmap resumed>) = 0 [pid 8838] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8835] <... ioctl resumed>) = 0 [pid 8839] <... ioctl resumed>) = 0 [pid 8840] <... chdir resumed>) = 0 [pid 8838] <... openat resumed>) = 4 [pid 8833] <... mount resumed>) = 0 [pid 8840] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8839] close(3 [pid 8838] ioctl(4, LOOP_SET_FD, 3 [pid 8835] close(3 [pid 8833] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8840] <... prctl resumed>) = 0 [pid 8839] <... close resumed>) = 0 [pid 8833] <... openat resumed>) = 3 [pid 8839] close(4) = 0 [pid 8840] setpgid(0, 0 [pid 8839] mkdir("./file1", 0777 [pid 8838] <... ioctl resumed>) = 0 [pid 8835] <... close resumed>) = 0 [pid 8833] chdir("./file1" [pid 8840] <... setpgid resumed>) = 0 [pid 8833] <... chdir resumed>) = 0 [pid 8840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8839] <... mkdir resumed>) = 0 [pid 8835] close(4 [pid 8833] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8835] <... close resumed>) = 0 [pid 8840] <... openat resumed>) = 3 [pid 8839] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8835] mkdir("./file1", 0777 [pid 8833] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8840] write(3, "1000", 4 [pid 8835] <... mkdir resumed>) = 0 [pid 8833] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8840] <... write resumed>) = 4 [pid 8838] close(3 [pid 8835] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8833] <... futex resumed>) = 1 [pid 8832] <... futex resumed>) = 0 [pid 8832] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8833] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8840] close(3 [pid 8838] <... close resumed>) = 0 [pid 8833] <... openat resumed>) = 4 [pid 8832] <... futex resumed>) = 0 [pid 8840] <... close resumed>) = 0 [pid 8838] close(4 [pid 8833] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8840] symlink("/dev/binderfs", "./binderfs" [pid 8832] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8838] <... close resumed>) = 0 [pid 8833] <... futex resumed>) = 0 [pid 8840] <... symlink resumed>) = 0 [pid 8838] mkdir("./file1", 0777 [pid 8833] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8832] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8840] write(1, "executing program\n", 18 [pid 8832] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 8840] <... write resumed>) = 18 [pid 8833] <... futex resumed>) = 0 [pid 8832] <... futex resumed>) = 1 [ 228.183503][ T8839] loop2: detected capacity change from 0 to 256 [ 228.191866][ T8835] loop3: detected capacity change from 0 to 256 [ 228.213789][ T8838] loop1: detected capacity change from 0 to 256 [pid 8840] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8838] <... mkdir resumed>) = 0 [pid 8833] mkdir("./file2", 0777 [pid 8832] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8838] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8840] <... futex resumed>) = 0 [pid 8840] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8840] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8835] <... mount resumed>) = 0 [pid 8833] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8833] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 228.246624][ T8835] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 228.259280][ T8833] exFAT-fs (loop4): error, data size is invalid(9000) [ 228.266078][ T8833] exFAT-fs (loop4): Filesystem has been set read-only [pid 8840] <... mmap resumed>) = 0x7f300ac28000 [pid 8835] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8832] <... futex resumed>) = ? [pid 8840] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8835] <... openat resumed>) = 3 [pid 8833] +++ killed by SIGSEGV +++ [pid 8832] +++ killed by SIGSEGV +++ [pid 8840] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8835] chdir("./file1" [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8832, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8835] <... chdir resumed>) = 0 [pid 8840] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8835] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8835] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] umount2("./259", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8835] <... futex resumed>) = 1 [pid 8835] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 8841 attached [pid 8840] <... clone3 resumed> => {parent_tid=[8841]}, 88) = 8841 [pid 8834] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8840] rt_sigprocmask(SIG_SETMASK, [], [pid 8834] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8835] <... futex resumed>) = 0 [pid 8834] <... futex resumed>) = 1 [pid 5834] <... openat resumed>) = 3 [pid 8840] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8835] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5834] newfstatat(3, "", [pid 8841] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8840] <... futex resumed>) = 0 [pid 8835] <... openat resumed>) = 4 [pid 8834] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8841] <... rseq resumed>) = 0 [pid 8840] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8835] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8841] set_robust_list(0x7f300ac489a0, 24 [pid 8835] <... futex resumed>) = 0 [ 228.286864][ T8839] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8834] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] getdents64(3, [pid 8841] <... set_robust_list resumed>) = 0 [pid 8835] mkdir("./file2", 0777 [pid 8834] <... futex resumed>) = 0 [pid 8841] rt_sigprocmask(SIG_SETMASK, [], [pid 8839] <... mount resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8839] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8834] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] umount2("./259/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8841] memfd_create("syzkaller", 0 [pid 8839] <... openat resumed>) = 3 [pid 8841] <... memfd_create resumed>) = 3 [pid 8839] chdir("./file1" [pid 8841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8839] <... chdir resumed>) = 0 [pid 8841] <... mmap resumed>) = 0x7f3002800000 [pid 8841] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8839] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5834] <... umount2 resumed>) = 0 [pid 8841] <... write resumed>) = 131072 [pid 8839] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8835] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] umount2("./259/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8839] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8835] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] newfstatat(AT_FDCWD, "./259/file1", [pid 8839] <... futex resumed>) = 1 [pid 8837] <... futex resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8837] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8834] <... futex resumed>) = ? [pid 5834] umount2("./259/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8839] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8837] <... futex resumed>) = 0 [pid 8835] +++ killed by SIGSEGV +++ [pid 8834] +++ killed by SIGSEGV +++ [pid 8837] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8834, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8841] munmap(0x7f3002800000, 138412032 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8841] <... munmap resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./259/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8841] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8839] <... openat resumed>) = 4 [pid 5833] <... restart_syscall resumed>) = 0 [pid 8839] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8839] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... openat resumed>) = 4 [pid 5833] umount2("./262", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8841] <... openat resumed>) = 4 [pid 8837] <... futex resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8837] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... openat resumed>) = 3 [pid 8837] <... futex resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 8837] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8841] ioctl(4, LOOP_SET_FD, 3 [ 228.324183][ T8835] exFAT-fs (loop3): error, data size is invalid(9000) [ 228.335038][ T8835] exFAT-fs (loop3): Filesystem has been set read-only [ 228.361250][ T8838] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5833] getdents64(3, [pid 8839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8838] <... mount resumed>) = 0 [pid 5834] newfstatat(4, "", [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8839] mkdir("./file2", 0777 [pid 8838] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] umount2("./262/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8838] <... openat resumed>) = 3 [pid 5834] getdents64(4, [pid 8838] chdir("./file1" [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8838] <... chdir resumed>) = 0 [pid 5834] getdents64(4, [pid 8838] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8838] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] close(4 [pid 8838] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... close resumed>) = 0 [pid 8838] <... futex resumed>) = 1 [pid 5834] rmdir("./259/file1" [pid 8838] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... rmdir resumed>) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./262/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] umount2("./259/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8836] <... futex resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./262/file1", [pid 8836] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8838] <... futex resumed>) = 0 [pid 8836] <... futex resumed>) = 1 [pid 8838] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8836] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] umount2("./262/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./262/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] newfstatat(AT_FDCWD, "./259/binderfs", [pid 5833] <... openat resumed>) = 4 [pid 8838] <... openat resumed>) = 4 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] unlink("./259/binderfs" [pid 5833] close(4) = 0 [pid 5833] rmdir("./262/file1" [pid 5834] <... unlink resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8838] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] getdents64(3, [pid 5833] umount2("./262/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] unlink("./262/binderfs" [pid 8838] <... futex resumed>) = 1 [pid 8836] <... futex resumed>) = 0 [pid 5834] close(3 [pid 8837] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... unlink resumed>) = 0 [pid 8837] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(3, [pid 8837] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] close(3 [pid 8838] mkdir("./file2", 0777 [pid 8837] <... mmap resumed>) = 0x7f300ac07000 [pid 8836] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... close resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 8837] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5833] rmdir("./262" [pid 8836] <... futex resumed>) = 0 [pid 5834] rmdir("./259" [pid 8837] <... mprotect resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8837] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] mkdir("./263", 0777 [pid 8837] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 8837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 8842 attached ) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8837] <... clone3 resumed> => {parent_tid=[8842]}, 88) = 8842 [pid 5833] <... ioctl resumed>) = 0 [pid 8837] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] close(3 [pid 8842] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... close resumed>) = 0 [pid 8842] <... rseq resumed>) = 0 [pid 8837] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8842] set_robust_list(0x7f300ac279a0, 24 [pid 8841] <... ioctl resumed>) = 0 [pid 8836] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... rmdir resumed>) = 0 [pid 8842] <... set_robust_list resumed>) = 0 [pid 8842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 228.364947][ T8841] loop0: detected capacity change from 0 to 256 [ 228.389241][ T8839] exFAT-fs (loop2): error, data size is invalid(9000) [ 228.403920][ T8839] exFAT-fs (loop2): Filesystem has been set read-only [ 228.416131][ T8838] exFAT-fs (loop1): error, data size is invalid(9000) [pid 8842] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080) = 0 [pid 8837] <... futex resumed>) = 0 [pid 5834] mkdir("./260", 0777 [pid 8842] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8837] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8842] <... futex resumed>) = 0 [pid 8837] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8842] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8841] close(3 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8843 attached [pid 8841] <... close resumed>) = 0 [pid 8841] close(4) = 0 [pid 8841] mkdir("./file1", 0777) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8843 [pid 8843] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8843] chdir("./263" [pid 8841] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8843] <... chdir resumed>) = 0 [pid 8843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8843] setpgid(0, 0) = 0 [pid 8843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8843] write(3, "1000", 4 [pid 5834] <... mkdir resumed>) = 0 [pid 8843] <... write resumed>) = 4 [pid 8843] close(3) = 0 executing program [pid 8843] symlink("/dev/binderfs", "./binderfs" [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8843] <... symlink resumed>) = 0 [pid 8843] write(1, "executing program\n", 18) = 18 [pid 8843] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8843] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8843] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8843] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8843] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8841] <... mount resumed>) = 0 [pid 8839] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8838] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] <... openat resumed>) = 3 [pid 8843] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8843] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8841] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8839] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- ./strace-static-x86_64: Process 8844 attached [pid 8842] <... futex resumed>) = ? [pid 8841] <... openat resumed>) = 3 [pid 8838] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8836] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8842] +++ killed by SIGSEGV +++ [pid 8844] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8839] +++ killed by SIGSEGV +++ [pid 8837] +++ killed by SIGSEGV +++ [pid 5834] <... ioctl resumed>) = 0 [pid 8844] <... rseq resumed>) = 0 [pid 5834] close(3 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8837, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5834] <... close resumed>) = 0 [pid 8838] +++ killed by SIGSEGV +++ [pid 8836] +++ killed by SIGSEGV +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8836, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8843] <... clone3 resumed> => {parent_tid=[8844]}, 88) = 8844 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8843] rt_sigprocmask(SIG_SETMASK, [], [pid 8841] chdir("./file1" [pid 8843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8841] <... chdir resumed>) = 0 [pid 8843] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8841] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8843] <... futex resumed>) = 0 [pid 8841] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8843] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8841] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8840] <... futex resumed>) = 0 [pid 8840] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8840] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8841] <... futex resumed>) = 1 [pid 8841] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 8844] set_robust_list(0x7f300ac489a0, 24 [pid 5832] umount2("./255", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./263", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8844] <... set_robust_list resumed>) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8845 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8845 attached [pid 8844] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] newfstatat(3, "", [pid 5831] newfstatat(3, "", [pid 8844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8844] memfd_create("syzkaller", 0 [pid 5832] getdents64(3, [pid 5831] getdents64(3, [pid 8845] set_robust_list(0x55556b85b6a0, 24 [pid 8844] <... memfd_create resumed>) = 3 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8845] <... set_robust_list resumed>) = 0 [pid 5832] umount2("./255/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./263/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8845] chdir("./260" [pid 8844] <... mmap resumed>) = 0x7f3002800000 [pid 8845] <... chdir resumed>) = 0 [pid 8845] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8844] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8841] <... openat resumed>) = 4 [pid 8845] <... prctl resumed>) = 0 [pid 8845] setpgid(0, 0) = 0 [pid 8845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8844] <... write resumed>) = 131072 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5832] umount2("./255/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./263/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8841] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8845] write(3, "1000", 4 [pid 8841] <... futex resumed>) = 1 [pid 8840] <... futex resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./255/file1", [pid 8845] <... write resumed>) = 4 [ 228.444712][ T8841] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 228.463344][ T8838] exFAT-fs (loop1): Filesystem has been set read-only [pid 8841] mkdir("./file2", 0777 [pid 8840] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(AT_FDCWD, "./263/file1", [pid 8845] close(3 [pid 8844] munmap(0x7f3002800000, 138412032 [pid 8840] <... futex resumed>) = 0 [pid 8845] <... close resumed>) = 0 [pid 8840] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8845] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8844] <... munmap resumed>) = 0 [pid 5832] umount2("./255/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8845] write(1, "executing program\n", 18 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8845] <... write resumed>) = 18 [pid 8844] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] openat(AT_FDCWD, "./255/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5831] umount2("./263/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(4, "", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] openat(AT_FDCWD, "./263/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8845] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(4, [pid 5831] <... openat resumed>) = 4 [pid 8845] <... futex resumed>) = 0 [pid 8844] <... openat resumed>) = 4 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] newfstatat(4, "", [pid 8845] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8844] ioctl(4, LOOP_SET_FD, 3 [pid 5832] getdents64(4, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8845] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] getdents64(4, [pid 8845] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] close(4 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] getdents64(4, [pid 8845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] rmdir("./255/file1" [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8845] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] close(4 [pid 8845] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5832] umount2("./255/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... close resumed>) = 0 [pid 8845] <... mprotect resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] rmdir("./263/file1" [pid 8845] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] newfstatat(AT_FDCWD, "./255/binderfs", [pid 5831] <... rmdir resumed>) = 0 [pid 8845] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./263/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8845] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] unlink("./255/binderfs" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... unlink resumed>) = 0 [pid 8845] <... clone3 resumed> => {parent_tid=[8846]}, 88) = 8846 [pid 5831] newfstatat(AT_FDCWD, "./263/binderfs", [pid 8845] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] getdents64(3, [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8846 attached [pid 8845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] unlink("./263/binderfs" [pid 8846] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8845] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] close(3 [pid 5831] <... unlink resumed>) = 0 [pid 8846] <... rseq resumed>) = 0 [pid 8844] <... ioctl resumed>) = 0 [pid 5831] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./255" [pid 8844] close(3 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8844] <... close resumed>) = 0 [pid 8846] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8846] memfd_create("syzkaller", 0 [pid 8845] <... futex resumed>) = 0 [pid 8845] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8844] close(4 [pid 5832] mkdir("./256", 0777 [pid 5831] rmdir("./263" [pid 8844] <... close resumed>) = 0 [pid 8846] <... memfd_create resumed>) = 3 [pid 8844] mkdir("./file1", 0777 [pid 5832] <... mkdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8844] <... mkdir resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] mkdir("./264", 0777 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 8846] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8844] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5832] close(3 [pid 5831] <... mkdir resumed>) = 0 [pid 8840] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8840] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... openat resumed>) = 3 [pid 8840] <... futex resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8840] <... mmap resumed>) = 0x7f300ac07000 [pid 8840] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8847 attached [pid 8840] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8847] set_robust_list(0x55556b85b6a0, 24 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8847 [pid 8840] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8848 [pid 8847] <... set_robust_list resumed>) = 0 [pid 8840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8849 attached ./strace-static-x86_64: Process 8848 attached [pid 8849] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8840] <... clone3 resumed> => {parent_tid=[8849]}, 88) = 8849 [pid 8849] <... rseq resumed>) = 0 [pid 8848] set_robust_list(0x55556b85b6a0, 24 [pid 8840] rt_sigprocmask(SIG_SETMASK, [], [pid 8849] set_robust_list(0x7f300ac279a0, 24 [pid 8848] <... set_robust_list resumed>) = 0 [pid 8840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8849] <... set_robust_list resumed>) = 0 [pid 8848] chdir("./256" [pid 8840] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8840] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8849] rt_sigprocmask(SIG_SETMASK, [], [pid 8848] <... chdir resumed>) = 0 [pid 8847] chdir("./264" [pid 8846] <... write resumed>) = 131072 [pid 8849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8848] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8849] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8848] <... prctl resumed>) = 0 [pid 8849] <... ioctl resumed>) = 0 [pid 8848] setpgid(0, 0 [pid 8847] <... chdir resumed>) = 0 [pid 8846] munmap(0x7f3002800000, 138412032 [pid 8847] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8849] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8848] <... setpgid resumed>) = 0 [pid 8846] <... munmap resumed>) = 0 [pid 8849] <... futex resumed>) = 1 [pid 8848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 228.505015][ T8841] exFAT-fs (loop0): error, data size is invalid(9000) [ 228.528871][ T8844] loop3: detected capacity change from 0 to 256 [ 228.530950][ T8841] exFAT-fs (loop0): Filesystem has been set read-only [pid 8846] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8840] <... futex resumed>) = 0 [pid 8848] <... openat resumed>) = 3 [pid 8846] <... openat resumed>) = 4 [pid 8848] write(3, "1000", 4 [pid 8846] ioctl(4, LOOP_SET_FD, 3 [pid 8848] <... write resumed>) = 4 [pid 8848] close(3) = 0 [pid 8849] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL executing program [pid 8848] symlink("/dev/binderfs", "./binderfs" [pid 8847] <... prctl resumed>) = 0 [pid 8848] <... symlink resumed>) = 0 [pid 8848] write(1, "executing program\n", 18) = 18 [pid 8847] setpgid(0, 0 [pid 8848] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8848] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8847] <... setpgid resumed>) = 0 [pid 8848] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8848] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8841] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8848] <... mmap resumed>) = 0x7f300ac28000 [pid 8841] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8849] <... futex resumed>) = ? [pid 8849] +++ killed by SIGSEGV +++ [pid 8848] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8848] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8847] <... openat resumed>) = 3 [pid 8848] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8850]}, 88) = 8850 [pid 8847] write(3, "1000", 4 [pid 8848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 8850 attached [pid 8848] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8841] +++ killed by SIGSEGV +++ [pid 8840] +++ killed by SIGSEGV +++ [pid 8848] <... futex resumed>) = 0 [pid 8848] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8847] <... write resumed>) = 4 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8840, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8850] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8847] close(3 [pid 8850] <... rseq resumed>) = 0 [pid 8850] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8850] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8850] memfd_create("syzkaller", 0 [pid 8847] <... close resumed>) = 0 [pid 8850] <... memfd_create resumed>) = 3 [pid 8850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8850] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8847] symlink("/dev/binderfs", "./binderfs" [pid 8846] <... ioctl resumed>) = 0 [pid 8850] <... write resumed>) = 131072 [pid 8847] <... symlink resumed>) = 0 [pid 8846] close(3executing program [pid 8847] write(1, "executing program\n", 18 [pid 8846] <... close resumed>) = 0 [pid 8850] munmap(0x7f3002800000, 138412032 [pid 5830] umount2("./259", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8847] <... write resumed>) = 18 [pid 8846] close(4 [pid 8850] <... munmap resumed>) = 0 [pid 8847] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8846] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8847] <... futex resumed>) = 0 [pid 8846] mkdir("./file1", 0777 [pid 8850] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8844] <... mount resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 228.580498][ T8846] loop4: detected capacity change from 0 to 256 [ 228.605258][ T8844] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8850] ioctl(4, LOOP_SET_FD, 3 [pid 8847] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8846] <... mkdir resumed>) = 0 [pid 8844] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... openat resumed>) = 3 [pid 8847] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8846] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5830] newfstatat(3, "", [pid 8847] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8844] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8844] chdir("./file1" [pid 5830] getdents64(3, [pid 8847] <... mmap resumed>) = 0x7f300ac28000 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8847] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5830] umount2("./259/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8850] <... ioctl resumed>) = 0 [pid 8844] <... chdir resumed>) = 0 [pid 8847] <... clone3 resumed> => {parent_tid=[8851]}, 88) = 8851 [pid 8844] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8844] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8847] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8847] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 8851 attached [pid 8850] close(3 [pid 8844] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8850] <... close resumed>) = 0 [pid 8844] <... futex resumed>) = 1 [pid 8851] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8843] <... futex resumed>) = 0 [pid 8851] <... rseq resumed>) = 0 [pid 8844] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8850] close(4 [pid 8843] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] umount2("./259/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8843] <... futex resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8850] <... close resumed>) = 0 [pid 8843] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] newfstatat(AT_FDCWD, "./259/file1", [pid 8850] mkdir("./file1", 0777 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./259/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./259/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8851] set_robust_list(0x7f300ac489a0, 24 [pid 5830] <... openat resumed>) = 4 [pid 8851] <... set_robust_list resumed>) = 0 [pid 8851] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 8851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8851] memfd_create("syzkaller", 0 [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./259/file1") = 0 [pid 8850] <... mkdir resumed>) = 0 [pid 5830] umount2("./259/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8851] <... memfd_create resumed>) = 3 [pid 5830] newfstatat(AT_FDCWD, "./259/binderfs", [pid 8851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8851] <... mmap resumed>) = 0x7f3002800000 [pid 8850] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8851] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8844] <... openat resumed>) = 4 [pid 5830] unlink("./259/binderfs") = 0 [pid 5830] getdents64(3, [pid 8844] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8844] <... futex resumed>) = 1 [pid 8843] <... futex resumed>) = 0 [pid 5830] close(3 [pid 8844] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8843] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... close resumed>) = 0 [pid 8851] <... write resumed>) = 131072 [pid 8844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8843] <... futex resumed>) = 0 [pid 5830] rmdir("./259" [pid 8844] mkdir("./file2", 0777 [ 228.642407][ T8850] loop2: detected capacity change from 0 to 256 [ 228.671769][ T8846] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8843] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./260", 0777) = 0 [pid 8851] munmap(0x7f3002800000, 138412032 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8851] <... munmap resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8846] <... mount resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8846] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... ioctl resumed>) = 0 [pid 8846] <... openat resumed>) = 3 [pid 5830] close(3 [pid 8846] chdir("./file1") = 0 [pid 8846] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8846] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8845] <... futex resumed>) = 0 [pid 8845] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8845] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8846] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5830] <... close resumed>) = 0 [pid 8846] <... openat resumed>) = 4 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8852 attached [pid 8846] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8845] <... futex resumed>) = 0 [pid 8845] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8845] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8846] mkdir("./file2", 0777 [pid 8852] set_robust_list(0x55556b85b6a0, 24 [pid 8851] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8851] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8852] <... set_robust_list resumed>) = 0 [pid 8852] chdir("./260") = 0 [pid 8852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8852] setpgid(0, 0) = 0 [pid 8852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8852] write(3, "1000", 4) = 4 [ 228.711121][ T8844] exFAT-fs (loop3): error, data size is invalid(9000) [ 228.718374][ T8844] exFAT-fs (loop3): Filesystem has been set read-only [ 228.736126][ T8846] exFAT-fs (loop4): error, data size is invalid(9000) [ 228.750422][ T8851] loop1: detected capacity change from 0 to 256 [pid 8852] close(3) = 0 [pid 8852] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8843] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8843] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8852] write(1, "executing program\n", 18 [pid 8843] <... futex resumed>) = 0 [pid 8852] <... write resumed>) = 18 [pid 8843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8852] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8843] <... mmap resumed>) = 0x7f300ac07000 [pid 8852] <... futex resumed>) = 0 [pid 8843] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8852] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8843] <... mprotect resumed>) = 0 [pid 8852] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8843] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8852] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8843] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8843] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} => {parent_tid=[8853]}, 88) = 8853 [pid 8852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8843] rt_sigprocmask(SIG_SETMASK, [], [pid 8852] <... mmap resumed>) = 0x7f300ac28000 [pid 8843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8852] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8843] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8853 attached [pid 8852] <... mprotect resumed>) = 0 [pid 8843] <... futex resumed>) = 0 [pid 8852] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8843] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8853] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8852] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8852 [pid 8844] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8844] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8854]}, 88) = 8854 ./strace-static-x86_64: Process 8854 attached [pid 8852] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8852] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8851] close(3 [pid 8852] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8851] <... close resumed>) = 0 [pid 8845] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8854] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8853] <... rseq resumed>) = ? [pid 8851] close(4 [pid 8845] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8843] <... futex resumed>) = ? [pid 8853] +++ killed by SIGSEGV +++ [pid 8851] <... close resumed>) = 0 [pid 8845] <... futex resumed>) = 0 [pid 8844] +++ killed by SIGSEGV +++ [pid 8843] +++ killed by SIGSEGV +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8843, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 8854] <... rseq resumed>) = 0 [pid 8851] mkdir("./file1", 0777 [pid 8845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8851] <... mkdir resumed>) = 0 [pid 8845] <... mmap resumed>) = 0x7f300ac07000 [pid 5833] <... restart_syscall resumed>) = 0 [pid 8854] set_robust_list(0x7f300ac489a0, 24 [pid 8845] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8854] <... set_robust_list resumed>) = 0 [pid 8845] <... mprotect resumed>) = 0 [pid 8854] rt_sigprocmask(SIG_SETMASK, [], [pid 8845] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] umount2("./263", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8845] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8854] memfd_create("syzkaller", 0 [pid 8851] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8845] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5833] openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8855 attached [pid 8854] <... memfd_create resumed>) = 3 [pid 5833] <... openat resumed>) = 3 [pid 5833] newfstatat(3, "", [pid 8854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8845] <... clone3 resumed> => {parent_tid=[8855]}, 88) = 8855 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8854] <... mmap resumed>) = 0x7f3002800000 [pid 8845] rt_sigprocmask(SIG_SETMASK, [], [pid 8854] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] getdents64(3, [pid 8855] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8845] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8855] <... rseq resumed>) = 0 [pid 8845] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8855] set_robust_list(0x7f300ac279a0, 24 [pid 8850] <... mount resumed>) = 0 [pid 8846] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8855] <... set_robust_list resumed>) = 0 [ 228.755037][ T8850] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 228.772218][ T8846] exFAT-fs (loop4): Filesystem has been set read-only [pid 8855] rt_sigprocmask(SIG_SETMASK, [], [pid 8854] <... write resumed>) = 131072 [pid 8850] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8846] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5833] umount2("./263/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8850] <... openat resumed>) = 3 [pid 5833] <... umount2 resumed>) = 0 [pid 8855] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8854] munmap(0x7f3002800000, 138412032) = 0 [pid 8854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8854] ioctl(4, LOOP_SET_FD, 3 [pid 8855] <... ioctl resumed>) = ? [pid 8850] chdir("./file1" [pid 8845] <... futex resumed>) = ? [pid 5833] umount2("./263/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8850] <... chdir resumed>) = 0 [pid 8850] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./263/file1", [pid 8855] +++ killed by SIGSEGV +++ [pid 8850] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8846] +++ killed by SIGSEGV +++ [pid 8845] +++ killed by SIGSEGV +++ [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./263/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8845, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 5833] openat(AT_FDCWD, "./263/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8850] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... openat resumed>) = 4 [pid 8850] <... futex resumed>) = 1 [pid 8850] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8848] <... futex resumed>) = 0 [pid 5834] <... restart_syscall resumed>) = 0 [pid 5833] newfstatat(4, "", [pid 8848] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8850] <... futex resumed>) = 0 [pid 8848] <... futex resumed>) = 1 [pid 5834] umount2("./260", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] getdents64(4, [pid 8850] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8850] <... openat resumed>) = 4 [pid 8848] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8854] <... ioctl resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5833] getdents64(4, [pid 8854] close(3 [pid 8850] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] newfstatat(3, "", [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] close(4 [pid 8854] <... close resumed>) = 0 [pid 8850] <... futex resumed>) = 1 [pid 8848] <... futex resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] <... close resumed>) = 0 [pid 8848] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8854] close(4 [pid 8848] <... futex resumed>) = 0 [pid 5834] getdents64(3, [ 228.837430][ T8854] loop0: detected capacity change from 0 to 256 [ 228.864199][ T8851] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5833] rmdir("./263/file1" [pid 8854] <... close resumed>) = 0 [pid 8850] mkdir("./file2", 0777 [pid 8848] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] <... rmdir resumed>) = 0 [pid 8854] mkdir("./file1", 0777 [pid 5834] umount2("./260/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] umount2("./263/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8854] <... mkdir resumed>) = 0 [pid 8854] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8851] <... mount resumed>) = 0 [pid 5834] <... umount2 resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] umount2("./260/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] newfstatat(AT_FDCWD, "./263/binderfs", [pid 8851] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8851] chdir("./file1") = 0 [pid 8851] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8851] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8851] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8847] <... futex resumed>) = 0 [pid 8847] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8847] <... futex resumed>) = 1 [pid 8847] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] newfstatat(AT_FDCWD, "./260/file1", [pid 5833] unlink("./263/binderfs" [pid 8851] <... futex resumed>) = 0 [pid 8851] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5833] <... unlink resumed>) = 0 [pid 8848] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] getdents64(3, [pid 8851] <... openat resumed>) = 4 [pid 8848] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] umount2("./260/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8848] <... futex resumed>) = 0 [pid 5833] close(3 [pid 5834] openat(AT_FDCWD, "./260/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... close resumed>) = 0 [pid 8851] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8847] <... futex resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 5833] rmdir("./263" [pid 8848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8851] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8847] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8854] <... mount resumed>) = 0 [pid 8851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8847] <... futex resumed>) = 0 [ 228.886969][ T8850] exFAT-fs (loop2): error, data size is invalid(9000) [ 228.905368][ T8854] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 228.928165][ T8850] exFAT-fs (loop2): Filesystem has been set read-only [pid 8851] mkdir("./file2", 0777 [pid 8847] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8848] <... mmap resumed>) = 0x7f300ac07000 [pid 5834] newfstatat(4, "", [pid 5833] <... rmdir resumed>) = 0 [pid 8854] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8848] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] mkdir("./264", 0777 [pid 8854] <... openat resumed>) = 3 [pid 8848] <... mprotect resumed>) = 0 [pid 5834] getdents64(4, [pid 5833] <... mkdir resumed>) = 0 [pid 8854] chdir("./file1" [pid 8848] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8854] <... chdir resumed>) = 0 [pid 8850] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8848] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] getdents64(4, [pid 5833] <... openat resumed>) = 3 [pid 8854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8854] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8854] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8852] <... futex resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8850] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5833] <... ioctl resumed>) = 0 [pid 5834] close(4 [pid 8852] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... close resumed>) = 0 ./strace-static-x86_64: Process 8856 attached [pid 8848] <... clone3 resumed> ) = ? [pid 8856] +++ killed by SIGSEGV +++ [pid 8854] <... futex resumed>) = 0 [pid 8852] <... futex resumed>) = 1 [pid 5834] rmdir("./260/file1" [pid 8854] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8852] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8854] <... openat resumed>) = 4 [pid 8850] +++ killed by SIGSEGV +++ [pid 8848] +++ killed by SIGSEGV +++ [pid 5834] <... rmdir resumed>) = 0 [pid 5833] close(3 [pid 8854] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8848, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5834] umount2("./260/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8854] <... futex resumed>) = 1 [pid 8852] <... futex resumed>) = 0 [pid 8852] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8852] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 228.951265][ T8851] exFAT-fs (loop1): error, data size is invalid(9000) [ 228.958142][ T8851] exFAT-fs (loop1): Filesystem has been set read-only [ 228.990924][ T8854] exFAT-fs (loop0): error, data size is invalid(9000) [pid 8854] mkdir("./file2", 0777 [pid 8851] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./256", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] unlink("./260/binderfs" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8854] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8851] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] <... unlink resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] getdents64(3, [pid 8847] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5834] close(3 [pid 8847] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] <... close resumed>) = 0 [pid 8847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8847] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} => {parent_tid=[8857]}, 88) = 8857 [pid 8847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8847] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8847] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8847] <... futex resumed>) = ? [pid 5834] rmdir("./260" [pid 5832] newfstatat(3, "", [pid 8851] +++ killed by SIGSEGV +++ [pid 5834] <... rmdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] mkdir("./261", 0777 [pid 5832] getdents64(3, ./strace-static-x86_64: Process 8858 attached [pid 8854] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] <... mkdir resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] <... openat resumed>) = 3 [pid 5832] umount2("./256/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8852] <... futex resumed>) = ? [pid 8854] +++ killed by SIGSEGV +++ [pid 8852] +++ killed by SIGSEGV +++ [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8852, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5834] <... ioctl resumed>) = 0 [pid 5830] umount2("./260", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8857 attached [pid 8857] +++ killed by SIGSEGV +++ [pid 8847] +++ killed by SIGSEGV +++ [pid 5834] close(3 [pid 5830] <... openat resumed>) = 3 [pid 8858] set_robust_list(0x55556b85b6a0, 24 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8847, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] newfstatat(3, "", [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8858] <... set_robust_list resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8858 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8858] chdir("./264" [pid 5834] <... close resumed>) = 0 [pid 5830] getdents64(3, [pid 8858] <... chdir resumed>) = 0 [pid 8858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8858] setpgid(0, 0) = 0 [pid 8858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 8858] write(3, "1000", 4) = 4 [pid 8858] close(3) = 0 [pid 8858] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... restart_syscall resumed>) = 0 [pid 8858] <... symlink resumed>) = 0 [pid 8858] write(1, "executing program\n", 18) = 18 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8858] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] umount2("./264", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./260/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8858] <... futex resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 228.997730][ T8854] exFAT-fs (loop0): Filesystem has been set read-only [pid 8858] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5831] openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8858] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8858] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... openat resumed>) = 3 [pid 8858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] newfstatat(3, "", [pid 8858] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8858] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5831] getdents64(3, [pid 8858] <... mprotect resumed>) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] umount2("./256/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = 0 [pid 8858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8859]}, 88) = 8859 ./strace-static-x86_64: Process 8859 attached [pid 8858] rt_sigprocmask(SIG_SETMASK, [], [pid 8859] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8859] <... rseq resumed>) = 0 [pid 8858] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8859] set_robust_list(0x7f300ac489a0, 24 [pid 8858] <... futex resumed>) = 0 [pid 8859] <... set_robust_list resumed>) = 0 [pid 8858] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8859] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8859] memfd_create("syzkaller", 0) = 3 [pid 8859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8859] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./260/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8860 attached [pid 8859] <... write resumed>) = 131072 [pid 5832] newfstatat(AT_FDCWD, "./256/file1", [pid 5831] umount2("./264/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./260/file1", [pid 8860] set_robust_list(0x55556b85b6a0, 24 [pid 8859] munmap(0x7f3002800000, 138412032 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8860] <... set_robust_list resumed>) = 0 [pid 8859] <... munmap resumed>) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8860 [pid 5832] umount2("./256/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./260/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./264/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./260/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] openat(AT_FDCWD, "./256/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8860] chdir("./261" [pid 5832] <... openat resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 4 [pid 8860] <... chdir resumed>) = 0 [pid 8859] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] newfstatat(4, "", [pid 5831] newfstatat(AT_FDCWD, "./264/file1", [pid 5830] newfstatat(4, "", [pid 8860] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8859] <... openat resumed>) = 4 [pid 8860] <... prctl resumed>) = 0 [pid 8859] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8860] setpgid(0, 0 [pid 5832] getdents64(4, [pid 5831] umount2("./264/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(4, [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8860] <... setpgid resumed>) = 0 [pid 5832] getdents64(4, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8860] write(3, "1000", 4) = 4 [pid 8860] close(3) = 0 [pid 8860] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] openat(AT_FDCWD, "./264/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] getdents64(4, [pid 8860] <... symlink resumed>) = 0 [pid 5832] close(4 [pid 5831] <... openat resumed>) = 4 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 executing program [pid 8860] write(1, "executing program\n", 18 [pid 5832] <... close resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 5830] close(4 [pid 8860] <... write resumed>) = 18 [pid 5832] rmdir("./256/file1" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... close resumed>) = 0 [pid 8860] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] getdents64(4, [pid 5830] rmdir("./260/file1" [pid 8860] <... futex resumed>) = 0 [pid 8860] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5832] <... rmdir resumed>) = 0 [pid 8860] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8860] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 5830] <... rmdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] umount2("./256/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8860] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8860] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] getdents64(4, [pid 5830] umount2("./260/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./256/binderfs", [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] newfstatat(AT_FDCWD, "./260/binderfs", [pid 8860] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8860] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] close(4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8861 attached [pid 8861] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8860] <... clone3 resumed> => {parent_tid=[8861]}, 88) = 8861 [pid 8859] <... ioctl resumed>) = 0 [pid 5832] unlink("./256/binderfs" [pid 5831] <... close resumed>) = 0 [pid 5830] unlink("./260/binderfs" [pid 8861] <... rseq resumed>) = 0 [pid 8860] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8860] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... unlink resumed>) = 0 [pid 5831] rmdir("./264/file1" [pid 8861] set_robust_list(0x7f300ac489a0, 24 [pid 8860] <... futex resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 8861] <... set_robust_list resumed>) = 0 [pid 8860] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... rmdir resumed>) = 0 [pid 5832] getdents64(3, [pid 5830] getdents64(3, [pid 8861] rt_sigprocmask(SIG_SETMASK, [], [pid 8859] close(3 [pid 8861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8859] <... close resumed>) = 0 [pid 8861] memfd_create("syzkaller", 0 [pid 8859] close(4 [pid 8861] <... memfd_create resumed>) = 3 [pid 8859] <... close resumed>) = 0 [pid 8861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8859] mkdir("./file1", 0777 [pid 8861] <... mmap resumed>) = 0x7f3002800000 [pid 8859] <... mkdir resumed>) = 0 [pid 8861] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8859] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] umount2("./264/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(3 [pid 5832] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... close resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./264/binderfs", [pid 5830] rmdir("./260" [pid 5832] <... close resumed>) = 0 [pid 8861] <... write resumed>) = 131072 [pid 5832] rmdir("./256" [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8861] munmap(0x7f3002800000, 138412032) = 0 [ 229.085115][ T8859] loop3: detected capacity change from 0 to 256 [pid 8861] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] unlink("./264/binderfs" [pid 5830] mkdir("./261", 0777 [pid 5832] mkdir("./257", 0777 [pid 5831] <... unlink resumed>) = 0 [pid 8861] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5832] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8861] ioctl(4, LOOP_CLR_FD) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] getdents64(3, [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] close(3 [pid 5830] <... openat resumed>) = 3 [pid 5832] <... ioctl resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8861] ioctl(4, LOOP_SET_FD, 3 [pid 5832] close(3 [pid 8861] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8861] close(4) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] rmdir("./264" [pid 5830] <... ioctl resumed>) = 0 [pid 8861] close(3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... rmdir resumed>) = 0 [pid 5830] close(3 [pid 8861] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8861] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8861] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 8862 attached [pid 5831] mkdir("./265", 0777 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8860] <... futex resumed>) = 0 [pid 8860] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8860] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8861] <... futex resumed>) = 0 [pid 8861] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5831] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 8863 attached [pid 8862] set_robust_list(0x55556b85b6a0, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8862 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8862] <... set_robust_list resumed>) = 0 [pid 8861] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8863 [pid 8862] chdir("./257" [pid 8861] <... futex resumed>) = 1 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8861] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8860] <... futex resumed>) = 0 [pid 8861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8860] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8861] mkdir("./file2", 0777 [pid 8860] <... futex resumed>) = 0 [pid 8861] <... mkdir resumed>) = 0 [pid 8860] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8861] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8860] <... futex resumed>) = ? [pid 8862] <... chdir resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 8863] set_robust_list(0x55556b85b6a0, 24 [pid 8862] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8861] +++ killed by SIGSEGV +++ [pid 8860] +++ killed by SIGSEGV +++ [pid 5831] close(3 [pid 8863] <... set_robust_list resumed>) = 0 [pid 8862] <... prctl resumed>) = 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8860, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=0} --- [pid 5831] <... close resumed>) = 0 [pid 8862] setpgid(0, 0 [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8862] <... setpgid resumed>) = 0 [pid 8863] chdir("./261" [pid 8862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 8864 attached [pid 8863] <... chdir resumed>) = 0 [pid 8862] <... openat resumed>) = 3 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8864 [pid 8863] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8862] write(3, "1000", 4 [pid 8863] <... prctl resumed>) = 0 [pid 8862] <... write resumed>) = 4 [pid 5834] umount2("./261", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8863] setpgid(0, 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8863] <... setpgid resumed>) = 0 [pid 8862] close(3 [pid 5834] openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 229.162940][ T8859] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8864] set_robust_list(0x55556b85b6a0, 24 [pid 8863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8864] <... set_robust_list resumed>) = 0 [pid 8862] <... close resumed>) = 0 [pid 8859] <... mount resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 8864] chdir("./265" [pid 8863] <... openat resumed>) = 3 [pid 8864] <... chdir resumed>) = 0 [pid 8862] symlink("/dev/binderfs", "./binderfs" [pid 8859] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] newfstatat(3, "", [pid 8864] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8863] write(3, "1000", 4 [pid 8862] <... symlink resumed>) = 0 [pid 8859] <... openat resumed>) = 3 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8859] chdir("./file1" [pid 5834] getdents64(3, [pid 8859] <... chdir resumed>) = 0 [pid 8864] <... prctl resumed>) = 0 [pid 8863] <... write resumed>) = 4 [pid 8862] write(1, "executing program\n", 18 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 5 entries */, 32768) = 144 [pid 8864] setpgid(0, 0executing program [pid 8863] close(3 [pid 8862] <... write resumed>) = 18 [pid 8859] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] umount2("./261/devices.list", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./261/devices.list", [pid 8862] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8864] <... setpgid resumed>) = 0 [pid 8862] <... futex resumed>) = 0 [pid 8859] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5834] unlink("./261/devices.list" [pid 8864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8862] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8864] <... openat resumed>) = 3 [pid 8862] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8859] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... unlink resumed>) = 0 [pid 8864] write(3, "1000", 4) = 4 [pid 8864] close(3) = 0 [pid 8862] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8859] <... futex resumed>) = 1 [pid 8858] <... futex resumed>) = 0 [pid 5834] umount2("./261/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8864] symlink("/dev/binderfs", "./binderfs" [pid 8862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8859] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8858] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8863] <... close resumed>) = 0 [pid 8864] <... symlink resumed>) = 0 [pid 8862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8858] <... futex resumed>) = 0 executing program [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8864] write(1, "executing program\n", 18 [pid 8862] <... mmap resumed>) = 0x7f300ac28000 [pid 8859] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8858] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] newfstatat(AT_FDCWD, "./261/binderfs", [pid 8864] <... write resumed>) = 18 [pid 8864] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8862] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8864] <... futex resumed>) = 0 [pid 8863] symlink("/dev/binderfs", "./binderfs" [pid 5834] unlink("./261/binderfs" [pid 8864] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8863] <... symlink resumed>) = 0 [pid 8862] <... mprotect resumed>) = 0 [pid 8859] <... openat resumed>) = 4 [pid 5834] <... unlink resumed>) = 0 [pid 8864] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8864] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8863] write(1, "executing program\n", 18 [pid 8862] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8859] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] umount2("./261/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8864] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program [pid 8864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8863] <... write resumed>) = 18 [pid 8862] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8859] <... futex resumed>) = 1 [pid 8858] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8864] <... mmap resumed>) = 0x7f300ac28000 [pid 8864] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8863] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8859] mkdir("./file2", 0777 [pid 8858] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] newfstatat(AT_FDCWD, "./261/file2", [pid 8858] <... futex resumed>) = 0 [pid 8864] <... mprotect resumed>) = 0 [pid 8858] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8864] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] umount2("./261/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8864] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8863] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./261/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8865 attached [pid 8864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8866 attached [pid 8863] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8862] <... clone3 resumed> => {parent_tid=[8865]}, 88) = 8865 [pid 8865] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8864] <... clone3 resumed> => {parent_tid=[8866]}, 88) = 8866 [pid 8863] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8866] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8865] <... rseq resumed>) = 0 [pid 8864] rt_sigprocmask(SIG_SETMASK, [], [pid 8866] <... rseq resumed>) = 0 [pid 8865] set_robust_list(0x7f300ac489a0, 24 [pid 8864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8863] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8862] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] newfstatat(4, "", [pid 8866] set_robust_list(0x7f300ac489a0, 24 [pid 8865] <... set_robust_list resumed>) = 0 [pid 8864] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8862] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] getdents64(4, [pid 8863] <... mmap resumed>) = 0x7f300ac28000 [pid 8866] <... set_robust_list resumed>) = 0 [pid 8865] rt_sigprocmask(SIG_SETMASK, [], [pid 8864] <... futex resumed>) = 0 [pid 8862] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8866] rt_sigprocmask(SIG_SETMASK, [], [pid 8865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8864] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8863] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8865] memfd_create("syzkaller", 0 [pid 8863] <... mprotect resumed>) = 0 [pid 8859] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] getdents64(4, [pid 8866] memfd_create("syzkaller", 0 [pid 8865] <... memfd_create resumed>) = 3 [pid 8863] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8866] <... memfd_create resumed>) = 3 [pid 8865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8863] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8859] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8858] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] close(4 [pid 8863] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8858] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... close resumed>) = 0 [pid 8865] <... mmap resumed>) = 0x7f3002800000 ./strace-static-x86_64: Process 8867 attached [pid 8866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8865] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8858] <... futex resumed>) = 0 [pid 5834] rmdir("./261/file2" [pid 8866] <... mmap resumed>) = 0x7f3002800000 [pid 8866] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] <... rmdir resumed>) = 0 [pid 8867] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8867] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8866] <... write resumed>) = 131072 [pid 8867] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8865] <... write resumed>) = 131072 [pid 8863] <... clone3 resumed> => {parent_tid=[8867]}, 88) = 8867 [pid 8865] munmap(0x7f3002800000, 138412032) = 0 [pid 8866] munmap(0x7f3002800000, 138412032) = 0 [pid 8865] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 229.289440][ T8859] exFAT-fs (loop3): error, data size is invalid(9000) [ 229.317360][ T8859] exFAT-fs (loop3): Filesystem has been set read-only [pid 5834] close(3 [pid 8865] ioctl(4, LOOP_SET_FD, 3 [pid 8866] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8863] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... close resumed>) = 0 [pid 8866] <... openat resumed>) = 4 [pid 8863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] rmdir("./261" [pid 8866] ioctl(4, LOOP_SET_FD, 3 [pid 8863] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... rmdir resumed>) = 0 [pid 8863] <... futex resumed>) = 1 [pid 8863] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8859] +++ killed by SIGSEGV +++ [pid 8858] +++ killed by SIGSEGV +++ [pid 5834] mkdir("./262", 0777 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8858, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8867] <... futex resumed>) = 0 [pid 8867] memfd_create("syzkaller", 0 [pid 5834] <... mkdir resumed>) = 0 [pid 8867] <... memfd_create resumed>) = 3 [pid 8867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8867] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8866] <... ioctl resumed>) = 0 [pid 8865] <... ioctl resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] <... restart_syscall resumed>) = 0 [pid 8867] <... write resumed>) = 131072 [pid 8865] close(3) = 0 [pid 8867] munmap(0x7f3002800000, 138412032 [pid 8865] close(4 [pid 5833] umount2("./264", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8865] <... close resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 229.356200][ T8865] loop2: detected capacity change from 0 to 256 [ 229.365012][ T8866] loop1: detected capacity change from 0 to 256 [pid 8865] mkdir("./file1", 0777 [pid 5833] openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8867] <... munmap resumed>) = 0 [pid 8866] close(3 [pid 8865] <... mkdir resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 8867] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8866] <... close resumed>) = 0 [pid 8865] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5833] <... openat resumed>) = 3 [pid 8867] <... openat resumed>) = 4 [pid 8866] close(4 [pid 5834] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8867] ioctl(4, LOOP_SET_FD, 3 [pid 8866] <... close resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 5834] close(3 [pid 8866] mkdir("./file1", 0777 [pid 5834] <... close resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8866] <... mkdir resumed>) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 8868 attached [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8868 [pid 5833] umount2("./264/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8868] set_robust_list(0x55556b85b6a0, 24 [pid 8866] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8868] <... set_robust_list resumed>) = 0 [pid 8868] chdir("./262") = 0 [pid 8868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8868] setpgid(0, 0) = 0 [pid 8868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8867] <... ioctl resumed>) = 0 [pid 8868] <... openat resumed>) = 3 [pid 5833] <... umount2 resumed>) = 0 [pid 8868] write(3, "1000", 4) = 4 [pid 5833] umount2("./264/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./264/file1", [pid 8867] close(3 [pid 8868] close(3 [pid 8867] <... close resumed>) = 0 [pid 8867] close(4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8868] <... close resumed>) = 0 [pid 8867] <... close resumed>) = 0 [pid 5833] umount2("./264/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8867] mkdir("./file1", 0777) = 0 [pid 8867] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 229.414075][ T8867] loop0: detected capacity change from 0 to 256 [pid 8868] symlink("/dev/binderfs", "./binderfs" [pid 5833] openat(AT_FDCWD, "./264/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8868] <... symlink resumed>) = 0 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8868] write(1, "executing program\n", 18executing program ) = 18 [pid 5833] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8868] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(4, [pid 8868] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8868] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] close(4 [pid 8868] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... close resumed>) = 0 [pid 8868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] rmdir("./264/file1" [pid 8868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] umount2("./264/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8868] <... mmap resumed>) = 0x7f300ac28000 [pid 8865] <... mount resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8868] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] newfstatat(AT_FDCWD, "./264/binderfs", [pid 8868] <... mprotect resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8865] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] unlink("./264/binderfs" [pid 8868] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8865] <... openat resumed>) = 3 [pid 8865] chdir("./file1") = 0 [pid 8868] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 8865] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] getdents64(3, [pid 8868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8865] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8865] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8865] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] close(3 [pid 8868] <... clone3 resumed> => {parent_tid=[8869]}, 88) = 8869 [pid 5833] <... close resumed>) = 0 [pid 8868] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] rmdir("./264"./strace-static-x86_64: Process 8869 attached [pid 8868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8862] <... futex resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8868] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8862] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8869] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8868] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8862] <... futex resumed>) = 1 [pid 8869] <... rseq resumed>) = 0 [pid 8862] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8869] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8869] rt_sigprocmask(SIG_SETMASK, [], [pid 8865] <... futex resumed>) = 0 [pid 5833] mkdir("./265", 0777 [pid 8869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8865] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8869] memfd_create("syzkaller", 0 [pid 8865] <... openat resumed>) = 4 [pid 5833] <... mkdir resumed>) = 0 [pid 8869] <... memfd_create resumed>) = 3 [pid 8865] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 229.463290][ T8865] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 229.488095][ T8866] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8865] <... futex resumed>) = 1 [pid 8862] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 8865] mkdir("./file2", 0777 [pid 8862] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8869] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8862] <... futex resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8862] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... ioctl resumed>) = 0 [pid 5833] close(3 [pid 8869] <... write resumed>) = 131072 [pid 5833] <... close resumed>) = 0 [pid 8866] <... mount resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8870 attached [pid 8869] munmap(0x7f3002800000, 138412032 [pid 8870] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8870] chdir("./265") = 0 [pid 8870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8870] setpgid(0, 0) = 0 [pid 8870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8866] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8870] <... openat resumed>) = 3 [pid 8869] <... munmap resumed>) = 0 [pid 8866] <... openat resumed>) = 3 [pid 8870] write(3, "1000", 4) = 4 [pid 8870] close(3) = 0 [pid 8870] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8866] chdir("./file1"executing program [pid 8870] write(1, "executing program\n", 18 [pid 8869] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8866] <... chdir resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8870 [pid 8866] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8869] <... openat resumed>) = 4 [pid 8870] <... write resumed>) = 18 [pid 8866] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 229.534487][ T8865] exFAT-fs (loop2): error, data size is invalid(9000) [ 229.554537][ T8867] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 229.559672][ T8865] exFAT-fs (loop2): Filesystem has been set read-only [pid 8870] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8869] ioctl(4, LOOP_SET_FD, 3 [pid 8866] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8870] <... futex resumed>) = 0 [pid 8870] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8870] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8866] <... futex resumed>) = 1 [pid 8862] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8870] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8864] <... futex resumed>) = 0 [pid 8866] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8862] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8870] <... mprotect resumed>) = 0 [pid 8864] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8870] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8866] <... futex resumed>) = 0 [pid 8864] <... futex resumed>) = 1 [pid 8862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8870] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8864] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8870] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8866] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8862] <... mmap resumed>) = 0x7f300ac07000 [pid 8862] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 8871 attached [pid 8870] <... clone3 resumed> => {parent_tid=[8871]}, 88) = 8871 [pid 8865] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8870] rt_sigprocmask(SIG_SETMASK, [], [pid 8865] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8862] <... mprotect resumed>) = 0 [pid 8871] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8871] <... rseq resumed>) = 0 [pid 8870] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8871] set_robust_list(0x7f300ac489a0, 24 [pid 8870] <... futex resumed>) = 0 [pid 8871] <... set_robust_list resumed>) = 0 [pid 8870] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8871] memfd_create("syzkaller", 0) = 3 [pid 8871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8871] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 8867] <... mount resumed>) = 0 [pid 8866] <... openat resumed>) = 4 [pid 8865] +++ killed by SIGSEGV +++ [pid 8871] munmap(0x7f3002800000, 138412032 [pid 8867] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8866] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8862] +++ killed by SIGSEGV +++ [pid 8871] <... munmap resumed>) = 0 [pid 8867] <... openat resumed>) = 3 [pid 8866] <... futex resumed>) = 1 [pid 8864] <... futex resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8862, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8867] chdir("./file1" [pid 8866] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8864] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8867] <... chdir resumed>) = 0 [pid 8866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8864] <... futex resumed>) = 0 [pid 8871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8869] <... ioctl resumed>) = 0 [pid 8864] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8871] <... openat resumed>) = 4 [pid 8869] close(3 [pid 8866] mkdir("./file2", 0777 [pid 8871] ioctl(4, LOOP_SET_FD, 3 [pid 8869] <... close resumed>) = 0 [pid 8869] close(4 [pid 8867] openat(AT_FDCWD, "/dev/loop0", O_RDWR [ 229.600243][ T8869] loop4: detected capacity change from 0 to 256 [ 229.635004][ T8866] exFAT-fs (loop1): error, data size is invalid(9000) [ 229.643368][ T8871] loop3: detected capacity change from 0 to 256 [pid 5832] umount2("./257", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8867] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8869] <... close resumed>) = 0 [pid 8869] mkdir("./file1", 0777 [pid 5832] openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8867] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8869] <... mkdir resumed>) = 0 [pid 8867] <... futex resumed>) = 1 [pid 8863] <... futex resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 8867] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] newfstatat(3, "", [pid 8863] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8869] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8867] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8863] <... futex resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8867] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8863] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./257/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8871] <... ioctl resumed>) = 0 [pid 8867] <... openat resumed>) = 4 [pid 8864] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8864] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8864] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8864] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8872 attached => {parent_tid=[8872]}, 88) = 8872 [pid 8871] close(3 [pid 8864] rt_sigprocmask(SIG_SETMASK, [], [pid 8871] <... close resumed>) = 0 [pid 8864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8871] close(4 [pid 8864] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8872] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8871] <... close resumed>) = 0 [pid 8867] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8864] <... futex resumed>) = 0 [pid 8871] mkdir("./file1", 0777 [pid 8867] <... futex resumed>) = 1 [pid 8864] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8863] <... futex resumed>) = 0 [pid 8863] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8871] <... mkdir resumed>) = 0 [pid 8863] <... futex resumed>) = 0 [pid 8872] <... rseq resumed>) = 0 [pid 8867] mkdir("./file2", 0777 [pid 8863] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8872] set_robust_list(0x7f300ac279a0, 24) = 0 [pid 8871] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8872] rt_sigprocmask(SIG_SETMASK, [], [pid 8866] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] <... umount2 resumed>) = 0 [pid 8866] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] umount2("./257/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8872] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080) = 0 [pid 8872] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8864] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./257/file1", [pid 8872] +++ killed by SIGSEGV +++ [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8866] +++ killed by SIGSEGV +++ [pid 8864] +++ killed by SIGSEGV +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8864, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5832] umount2("./257/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./265", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] openat(AT_FDCWD, "./257/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./265/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 4 [pid 5831] <... umount2 resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 5831] umount2("./265/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(4, [pid 5831] newfstatat(AT_FDCWD, "./265/file1", [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] getdents64(4, [pid 5831] umount2("./265/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [ 229.658714][ T8866] exFAT-fs (loop1): Filesystem has been set read-only [ 229.689150][ T8867] exFAT-fs (loop0): error, data size is invalid(9000) [pid 5832] close(4) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./257/file1" [pid 5831] openat(AT_FDCWD, "./265/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8863] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", [pid 8863] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 8863] <... futex resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./265/file1") = 0 [pid 5831] umount2("./265/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./265/binderfs") = 0 [pid 8863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8863] <... mmap resumed>) = 0x7f300ac07000 [pid 8863] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5832] umount2("./257/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8863] <... mprotect resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(3) = 0 [pid 5831] rmdir("./265" [pid 5832] newfstatat(AT_FDCWD, "./257/binderfs", [pid 5831] <... rmdir resumed>) = 0 [pid 5831] mkdir("./266", 0777 [pid 8863] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 8863] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5832] unlink("./257/binderfs"./strace-static-x86_64: Process 8873 attached ) = 0 [pid 8867] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8863] <... clone3 resumed> => {parent_tid=[8873]}, 88) = 8873 [pid 5832] getdents64(3, [pid 8873] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8873] <... rseq resumed>) = 0 [pid 8863] rt_sigprocmask(SIG_SETMASK, [], [pid 8873] set_robust_list(0x7f300ac279a0, 24 [pid 5832] close(3 [pid 8873] <... set_robust_list resumed>) = 0 [pid 8863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5832] rmdir("./257" [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8873] rt_sigprocmask(SIG_SETMASK, [], [pid 8863] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8863] <... futex resumed>) = 0 [pid 5832] mkdir("./258", 0777 [pid 8873] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8863] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8873] <... ioctl resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [ 229.729861][ T8871] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 229.730973][ T8867] exFAT-fs (loop0): Filesystem has been set read-only [ 229.763830][ T8869] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8873] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8867] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 8863] <... futex resumed>) = ? [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8873] <... futex resumed>) = ? [pid 8867] +++ killed by SIGSEGV +++ [pid 5832] <... ioctl resumed>) = 0 [pid 8873] +++ killed by SIGSEGV +++ [pid 5832] close(3 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8874 ./strace-static-x86_64: Process 8874 attached [pid 8874] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8874] chdir("./266") = 0 [pid 8874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8874] setpgid(0, 0) = 0 [pid 8874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8863] +++ killed by SIGSEGV +++ [pid 8871] <... mount resumed>) = 0 [pid 8874] write(3, "1000", 4) = 4 [pid 8874] close(3) = 0 [pid 8874] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5832] <... close resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8863, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8874] write(1, "executing program\n", 18) = 18 [pid 8874] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8871] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8874] <... futex resumed>) = 0 [pid 8871] <... openat resumed>) = 3 [pid 8874] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8871] chdir("./file1" [pid 8874] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8871] <... chdir resumed>) = 0 [pid 8874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8874] <... mmap resumed>) = 0x7f300ac28000 [pid 8871] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8874] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8871] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8870] <... futex resumed>) = 0 [pid 8870] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8870] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8871] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8874] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8871] <... openat resumed>) = 4 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] umount2("./261", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8875 attached [pid 5830] openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8875] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8874] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8871] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8875 [pid 5830] <... openat resumed>) = 3 [pid 8875] chdir("./258" [pid 8874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8871] <... futex resumed>) = 1 [pid 8870] <... futex resumed>) = 0 [pid 8869] <... mount resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 8875] <... chdir resumed>) = 0 [pid 8875] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8871] mkdir("./file2", 0777 [pid 8870] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8869] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8876 attached [pid 8875] <... prctl resumed>) = 0 [pid 8876] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5830] getdents64(3, [pid 8875] setpgid(0, 0 [pid 8876] <... rseq resumed>) = 0 [pid 8875] <... setpgid resumed>) = 0 [pid 8870] <... futex resumed>) = 0 [pid 8869] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8876] set_robust_list(0x7f300ac489a0, 24 [pid 5830] umount2("./261/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8876] <... set_robust_list resumed>) = 0 [pid 8876] rt_sigprocmask(SIG_SETMASK, [], [pid 8874] <... clone3 resumed> => {parent_tid=[8876]}, 88) = 8876 [pid 8870] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8869] chdir("./file1" [pid 5830] <... umount2 resumed>) = 0 [pid 8869] <... chdir resumed>) = 0 [pid 8869] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8869] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8869] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8874] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8874] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 8876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8875] <... openat resumed>) = 3 [pid 8868] <... futex resumed>) = 0 [pid 5830] umount2("./261/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8876] memfd_create("syzkaller", 0 [pid 8868] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8875] write(3, "1000", 4) = 4 [pid 8869] <... futex resumed>) = 0 [pid 8868] <... futex resumed>) = 1 [pid 5830] newfstatat(AT_FDCWD, "./261/file1", [pid 8868] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8869] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8875] close(3) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8875] symlink("/dev/binderfs", "./binderfs" [pid 8869] <... openat resumed>) = 4 [pid 5830] umount2("./261/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8869] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8868] <... futex resumed>) = 0 [pid 8868] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8868] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8869] mkdir("./file2", 0777executing program [pid 8876] <... memfd_create resumed>) = 3 [pid 8875] <... symlink resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./261/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8871] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8871] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8870] <... futex resumed>) = ? [pid 8876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8875] write(1, "executing program\n", 18 [pid 8871] +++ killed by SIGSEGV +++ [pid 8870] +++ killed by SIGSEGV +++ [pid 5830] newfstatat(4, "", [pid 8876] <... mmap resumed>) = 0x7f3002800000 [pid 8875] <... write resumed>) = 18 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8876] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8875] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8870, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5830] getdents64(4, [pid 8875] <... futex resumed>) = 0 [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [ 229.822160][ T8871] exFAT-fs (loop3): error, data size is invalid(9000) [ 229.836310][ T8871] exFAT-fs (loop3): Filesystem has been set read-only [ 229.848731][ T8869] exFAT-fs (loop4): error, data size is invalid(9000) [pid 8875] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8876] <... write resumed>) = 131072 [pid 8875] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] getdents64(4, [pid 8875] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] umount2("./265", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] close(4 [pid 8875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... close resumed>) = 0 [pid 8875] <... mmap resumed>) = 0x7f300ac28000 [pid 5830] rmdir("./261/file1" [pid 5833] <... openat resumed>) = 3 [pid 5830] <... rmdir resumed>) = 0 [pid 8875] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] newfstatat(3, "", [pid 5830] umount2("./261/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8875] <... mprotect resumed>) = 0 [pid 5833] getdents64(3, [pid 8875] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8875] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] umount2("./265/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8875] <... clone3 resumed> => {parent_tid=[8877]}, 88) = 8877 [pid 8875] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 8877 attached [pid 8875] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8876] munmap(0x7f3002800000, 138412032 [pid 8869] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] <... umount2 resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./261/binderfs", [pid 8869] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8868] <... futex resumed>) = ? [pid 8869] +++ killed by SIGSEGV +++ [pid 8868] +++ killed by SIGSEGV +++ [pid 8876] <... munmap resumed>) = 0 [pid 8875] <... futex resumed>) = 0 [pid 5833] umount2("./265/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8875] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] unlink("./261/binderfs" [pid 5833] newfstatat(AT_FDCWD, "./265/file1", [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8868, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 8877] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 8876] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] umount2("./265/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 8877] <... rseq resumed>) = 0 [pid 8876] <... openat resumed>) = 4 [pid 8877] set_robust_list(0x7f300ac489a0, 24 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8876] ioctl(4, LOOP_SET_FD, 3 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8877] <... set_robust_list resumed>) = 0 [pid 8877] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8877] memfd_create("syzkaller", 0 [pid 5834] <... restart_syscall resumed>) = 0 [ 229.868354][ T8869] exFAT-fs (loop4): Filesystem has been set read-only [pid 5833] openat(AT_FDCWD, "./265/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] close(3 [pid 5834] umount2("./262", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8877] <... memfd_create resumed>) = 3 [pid 5834] openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] <... openat resumed>) = 3 [pid 5834] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... close resumed>) = 0 [pid 5834] umount2("./262/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... openat resumed>) = 4 [pid 5830] rmdir("./261" [pid 8877] <... mmap resumed>) = 0x7f3002800000 [pid 8877] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] newfstatat(4, "", [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./262", 0777 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5833] getdents64(4, [pid 8877] <... write resumed>) = 131072 [pid 8877] munmap(0x7f3002800000, 138412032 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8877] <... munmap resumed>) = 0 [pid 8877] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8876] <... ioctl resumed>) = 0 [pid 5834] <... umount2 resumed>) = 0 [pid 5833] getdents64(4, [pid 5830] <... openat resumed>) = 3 [pid 5834] umount2("./262/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8877] ioctl(4, LOOP_SET_FD, 3 [pid 8876] close(3 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] close(4 [pid 8876] <... close resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./262/file1", [pid 5830] <... ioctl resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./262/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./262/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5834] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4) = 0 [pid 5834] rmdir("./262/file1") = 0 [pid 5834] umount2("./262/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(3 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./262/binderfs") = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] close(3 [pid 8876] close(4 [pid 5834] <... close resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5834] rmdir("./262") = 0 [pid 8876] <... close resumed>) = 0 [pid 5833] rmdir("./265/file1" [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5834] mkdir("./263", 0777 [pid 5833] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 8878 attached [pid 8876] mkdir("./file1", 0777 [pid 5834] <... mkdir resumed>) = 0 [pid 5833] umount2("./265/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8878] set_robust_list(0x55556b85b6a0, 24 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8878 [pid 8878] <... set_robust_list resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8878] chdir("./262") = 0 [pid 8877] <... ioctl resumed>) = 0 [pid 8876] <... mkdir resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5833] newfstatat(AT_FDCWD, "./265/binderfs", [pid 8878] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8877] close(3 [pid 8878] <... prctl resumed>) = 0 [pid 8878] setpgid(0, 0) = 0 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] <... ioctl resumed>) = 0 [pid 8878] <... openat resumed>) = 3 [pid 5834] close(3 [pid 8878] write(3, "1000", 4 executing program [pid 8877] <... close resumed>) = 0 [pid 5833] unlink("./265/binderfs" [pid 8876] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8877] close(4 [pid 8878] <... write resumed>) = 4 [pid 8878] close(3) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 8877] <... close resumed>) = 0 [pid 8878] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8878] write(1, "executing program\n", 18) = 18 [pid 8878] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8877] mkdir("./file1", 0777 [pid 5833] getdents64(3, [pid 8878] <... futex resumed>) = 0 [pid 8878] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8878] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8878] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [ 229.907084][ T8876] loop1: detected capacity change from 0 to 256 [ 229.936047][ T8877] loop2: detected capacity change from 0 to 256 [pid 8878] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8877] <... mkdir resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8877] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5833] close(3./strace-static-x86_64: Process 8879 attached ) = 0 [pid 8878] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8879] set_robust_list(0x55556b85b6a0, 24 [pid 8878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8879] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 8880 attached [pid 8879] chdir("./263" [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8879 [pid 5833] rmdir("./265" [pid 8878] <... clone3 resumed> => {parent_tid=[8880]}, 88) = 8880 [pid 5833] <... rmdir resumed>) = 0 [pid 8879] <... chdir resumed>) = 0 [pid 8878] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] mkdir("./266", 0777 [pid 8880] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8879] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 8878] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8879] <... prctl resumed>) = 0 [pid 8878] <... futex resumed>) = 0 [pid 8879] setpgid(0, 0 [pid 8878] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 8880] <... rseq resumed>) = 0 [pid 8879] <... setpgid resumed>) = 0 [pid 8880] set_robust_list(0x7f300ac489a0, 24 [pid 8879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8880] <... set_robust_list resumed>) = 0 [pid 8879] <... openat resumed>) = 3 [pid 5833] <... openat resumed>) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8880] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... ioctl resumed>) = 0 [pid 8880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8879] write(3, "1000", 4 [pid 8880] memfd_create("syzkaller", 0 [pid 8879] <... write resumed>) = 4 [pid 8879] close(3) = 0 [pid 8879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8880] <... memfd_create resumed>) = 3 [pid 8879] write(1, "executing program\n", 18) = 18 [pid 8880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8879] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8880] <... mmap resumed>) = 0x7f3002800000 [pid 8879] <... futex resumed>) = 0 [pid 8880] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8879] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8879] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8879] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5833] close(3 [pid 8880] <... write resumed>) = 131072 [pid 8879] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5833] <... close resumed>) = 0 [pid 8880] munmap(0x7f3002800000, 138412032) = 0 [pid 8880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 230.015729][ T8876] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 230.050422][ T8877] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8880] ioctl(4, LOOP_SET_FD, 3 [pid 8879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8877] <... mount resumed>) = 0 [pid 8876] <... mount resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556b85b690) = 8882 ./strace-static-x86_64: Process 8882 attached [pid 8879] <... clone3 resumed> => {parent_tid=[8881]}, 88) = 8881 [pid 8876] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8879] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8881 attached [pid 8882] set_robust_list(0x55556b85b6a0, 24 [pid 8879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8877] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8876] <... openat resumed>) = 3 [pid 8882] <... set_robust_list resumed>) = 0 [pid 8881] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8879] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8881] <... rseq resumed>) = 0 [pid 8879] <... futex resumed>) = 0 [pid 8881] set_robust_list(0x7f300ac489a0, 24 [pid 8879] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8877] <... openat resumed>) = 3 [pid 8882] chdir("./266" [pid 8881] <... set_robust_list resumed>) = 0 [pid 8876] chdir("./file1" [pid 8877] chdir("./file1" [pid 8882] <... chdir resumed>) = 0 [pid 8876] <... chdir resumed>) = 0 [pid 8882] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8877] <... chdir resumed>) = 0 [pid 8882] <... prctl resumed>) = 0 [pid 8877] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8876] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8882] setpgid(0, 0 [pid 8881] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8882] <... setpgid resumed>) = 0 [pid 8881] memfd_create("syzkaller", 0 [pid 8880] <... ioctl resumed>) = 0 [pid 8877] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8876] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8881] <... memfd_create resumed>) = 3 [pid 8877] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8876] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8882] <... openat resumed>) = 3 [pid 8881] <... mmap resumed>) = 0x7f3002800000 [pid 8877] <... futex resumed>) = 1 [pid 8882] write(3, "1000", 4 [pid 8881] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8880] close(3 [pid 8876] <... futex resumed>) = 1 [pid 8875] <... futex resumed>) = 0 [pid 8874] <... futex resumed>) = 0 [pid 8882] <... write resumed>) = 4 [pid 8881] <... write resumed>) = 131072 [pid 8880] <... close resumed>) = 0 [pid 8877] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8876] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8875] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8874] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8882] close(3 [pid 8880] close(4 [pid 8877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8874] <... futex resumed>) = 0 [pid 8882] <... close resumed>) = 0 [pid 8880] <... close resumed>) = 0 [pid 8877] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8875] <... futex resumed>) = 0 [pid 8874] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8882] symlink("/dev/binderfs", "./binderfs" [pid 8880] mkdir("./file1", 0777 [pid 8875] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 230.053809][ T8880] loop0: detected capacity change from 0 to 256 [pid 8881] munmap(0x7f3002800000, 138412032) = 0 executing program [pid 8882] <... symlink resumed>) = 0 [pid 8880] <... mkdir resumed>) = 0 [pid 8877] <... openat resumed>) = 4 [pid 8876] <... openat resumed>) = 4 [pid 8882] write(1, "executing program\n", 18 [pid 8880] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8877] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8876] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8882] <... write resumed>) = 18 [pid 8881] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8876] <... futex resumed>) = 1 [pid 8874] <... futex resumed>) = 0 [pid 8882] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8881] <... openat resumed>) = 4 [pid 8877] <... futex resumed>) = 1 [pid 8876] mkdir("./file2", 0777 [pid 8875] <... futex resumed>) = 0 [pid 8874] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8882] <... futex resumed>) = 0 [pid 8881] ioctl(4, LOOP_SET_FD, 3 [pid 8875] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8874] <... futex resumed>) = 0 [pid 8882] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8875] <... futex resumed>) = 0 [pid 8874] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8882] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8877] mkdir("./file2", 0777 [pid 8875] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8882] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8881] <... ioctl resumed>) = 0 [pid 8881] close(3) = 0 [pid 8881] close(4) = 0 [pid 8881] mkdir("./file1", 0777) = 0 [ 230.111740][ T8876] exFAT-fs (loop1): error, data size is invalid(9000) [ 230.113273][ T8881] loop4: detected capacity change from 0 to 256 [ 230.118793][ T8876] exFAT-fs (loop1): Filesystem has been set read-only [ 230.137822][ T8877] exFAT-fs (loop2): error, data size is invalid(9000) [ 230.148046][ T8877] exFAT-fs (loop2): Filesystem has been set read-only [pid 8882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8877] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8876] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8881] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8882] <... mmap resumed>) = 0x7f300ac28000 [pid 8882] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8877] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8876] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8882] <... mprotect resumed>) = 0 [pid 8882] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8875] <... futex resumed>) = ? [pid 8874] <... futex resumed>) = ? [pid 8882] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8877] +++ killed by SIGSEGV +++ [pid 8876] +++ killed by SIGSEGV +++ [pid 8875] +++ killed by SIGSEGV +++ [pid 8874] +++ killed by SIGSEGV +++ [pid 8882] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8875, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8874, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- ./strace-static-x86_64: Process 8883 attached [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8883] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8882] <... clone3 resumed> => {parent_tid=[8883]}, 88) = 8883 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 8883] <... rseq resumed>) = 0 [pid 8883] set_robust_list(0x7f300ac489a0, 24 [pid 8882] rt_sigprocmask(SIG_SETMASK, [], [pid 8883] <... set_robust_list resumed>) = 0 [pid 8882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] umount2("./258", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8883] rt_sigprocmask(SIG_SETMASK, [], [pid 8882] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./266", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8882] <... futex resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8883] memfd_create("syzkaller", 0 [pid 8882] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... openat resumed>) = 3 [pid 5831] openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] newfstatat(3, "", [pid 5831] <... openat resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] newfstatat(3, "", [pid 5832] getdents64(3, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] getdents64(3, [ 230.153762][ T8880] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5832] umount2("./258/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8883] <... memfd_create resumed>) = 3 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] umount2("./266/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8880] <... mount resumed>) = 0 [pid 5832] umount2("./258/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8883] <... mmap resumed>) = 0x7f3002800000 [pid 8883] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8880] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8883] <... write resumed>) = 131072 [pid 8881] <... mount resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./258/file1", [pid 5831] umount2("./266/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./258/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./266/file1", [pid 5832] openat(AT_FDCWD, "./258/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8881] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8881] <... openat resumed>) = 3 [pid 5832] <... openat resumed>) = 4 [pid 5831] umount2("./266/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8883] munmap(0x7f3002800000, 138412032 [pid 8881] chdir("./file1" [pid 8880] chdir("./file1" [pid 8883] <... munmap resumed>) = 0 [pid 8881] <... chdir resumed>) = 0 [pid 8880] <... chdir resumed>) = 0 [pid 8881] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8880] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8881] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8880] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] newfstatat(4, "", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8881] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8880] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] openat(AT_FDCWD, "./266/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8881] <... futex resumed>) = 1 [pid 8880] <... futex resumed>) = 1 [pid 8879] <... futex resumed>) = 0 [pid 8878] <... futex resumed>) = 0 [pid 5832] getdents64(4, [pid 8881] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8880] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8879] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8878] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... openat resumed>) = 4 [pid 8883] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8881] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8879] <... futex resumed>) = 0 [pid 8878] <... futex resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] newfstatat(4, "", [pid 8883] <... openat resumed>) = 4 [pid 8881] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8880] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8879] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8878] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] getdents64(4, [pid 8883] ioctl(4, LOOP_SET_FD, 3 [pid 8881] <... openat resumed>) = 4 [pid 8880] <... openat resumed>) = 4 [ 230.204654][ T8881] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 230.241720][ T8883] loop3: detected capacity change from 0 to 256 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8883] <... ioctl resumed>) = 0 [pid 8881] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8880] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] close(4 [pid 5831] getdents64(4, [pid 8880] <... futex resumed>) = 1 [pid 5832] <... close resumed>) = 0 [pid 8878] <... futex resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8878] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] rmdir("./258/file1" [pid 5831] getdents64(4, [pid 8880] mkdir("./file2", 0777 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8881] <... futex resumed>) = 1 [pid 8879] <... futex resumed>) = 0 [pid 8881] mkdir("./file2", 0777 [pid 8879] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... rmdir resumed>) = 0 [pid 8878] <... futex resumed>) = 0 [pid 5831] close(4 [pid 8878] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... close resumed>) = 0 [pid 8879] <... futex resumed>) = 0 [pid 5832] umount2("./258/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./266/file1" [pid 8879] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... rmdir resumed>) = 0 [pid 8883] close(3) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./266/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(AT_FDCWD, "./258/binderfs", [pid 8883] close(4) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] unlink("./258/binderfs" [pid 5831] newfstatat(AT_FDCWD, "./266/binderfs", [pid 8883] mkdir("./file1", 0777) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8883] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5832] getdents64(3, [pid 5831] unlink("./266/binderfs" [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5832] close(3 [pid 5831] getdents64(3, [pid 5832] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] rmdir("./258" [pid 5831] close(3) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] rmdir("./266" [pid 5832] mkdir("./259", 0777 [pid 8880] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] <... mkdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8880] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] <... openat resumed>) = 3 [pid 5831] mkdir("./267", 0777 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8880] +++ killed by SIGSEGV +++ [pid 5831] <... mkdir resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 8881] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8878] <... futex resumed>) = ? [pid 5832] close(3 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8881] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8879] <... futex resumed>) = ? [ 230.251128][ T8880] exFAT-fs (loop0): error, data size is invalid(9000) [ 230.257941][ T8880] exFAT-fs (loop0): Filesystem has been set read-only [ 230.267305][ T8881] exFAT-fs (loop4): error, data size is invalid(9000) [ 230.276248][ T8881] exFAT-fs (loop4): Filesystem has been set read-only [pid 8881] +++ killed by SIGSEGV +++ [pid 8879] +++ killed by SIGSEGV +++ [pid 8878] +++ killed by SIGSEGV +++ [pid 5832] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8878, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5830] umount2("./262", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8879, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] umount2("./263", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./262/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... ioctl resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8884 [pid 5834] newfstatat(3, "", ./strace-static-x86_64: Process 8884 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8884] set_robust_list(0x55556b85b6a0, 24 [pid 5834] getdents64(3, [pid 8884] <... set_robust_list resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8884] chdir("./259" [pid 5834] umount2("./263/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8884] <... chdir resumed>) = 0 [pid 8884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8884] setpgid(0, 0 [pid 5831] close(3 [pid 8884] <... setpgid resumed>) = 0 [pid 8884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8884] write(3, "1000", 4) = 4 [pid 5831] <... close resumed>) = 0 [pid 8884] close(3) = 0 [pid 8883] <... mount resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8883] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORYexecuting program [pid 8884] write(1, "executing program\n", 18 [pid 8883] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8885 attached [pid 8884] <... write resumed>) = 18 [pid 8884] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8884] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8883] chdir("./file1" [pid 8884] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8883] <... chdir resumed>) = 0 [pid 8884] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8883] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8883] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8883] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8884] <... mmap resumed>) = 0x7f300ac28000 [pid 8883] <... futex resumed>) = 1 [pid 8882] <... futex resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8885 [pid 8884] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8882] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8885] set_robust_list(0x55556b85b6a0, 24 [pid 8884] <... mprotect resumed>) = 0 [pid 8882] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 230.315119][ T8883] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8884] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8883] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8885] <... set_robust_list resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 8885] chdir("./267" [pid 5830] umount2("./262/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8885] <... chdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] newfstatat(AT_FDCWD, "./262/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./262/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./262/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8884] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] getdents64(4, [pid 8884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 8886 attached [pid 8883] <... openat resumed>) = 4 [pid 5830] getdents64(4, [pid 8885] setpgid(0, 0 [pid 8884] <... clone3 resumed> => {parent_tid=[8886]}, 88) = 8886 [pid 8883] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... umount2 resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8886] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8884] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] umount2("./263/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(4 [pid 8886] <... rseq resumed>) = 0 [pid 8885] <... setpgid resumed>) = 0 [pid 8884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... close resumed>) = 0 [pid 8886] set_robust_list(0x7f300ac489a0, 24 [pid 8885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8884] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8883] <... futex resumed>) = 1 [pid 8882] <... futex resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./263/file1", [pid 5830] rmdir("./262/file1" [pid 8886] <... set_robust_list resumed>) = 0 [pid 8885] <... openat resumed>) = 3 [pid 8884] <... futex resumed>) = 0 [pid 8883] mkdir("./file2", 0777 [pid 8882] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8886] rt_sigprocmask(SIG_SETMASK, [], [pid 8885] write(3, "1000", 4 [pid 8884] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8885] <... write resumed>) = 4 [pid 8882] <... futex resumed>) = 0 [pid 5834] umount2("./263/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./262/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8885] close(3 [pid 8886] memfd_create("syzkaller", 0 [pid 8885] <... close resumed>) = 0 [pid 8882] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8885] symlink("/dev/binderfs", "./binderfs" [pid 8886] <... memfd_create resumed>) = 3 [pid 5834] openat(AT_FDCWD, "./263/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] newfstatat(AT_FDCWD, "./262/binderfs", [pid 8886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8885] <... symlink resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8886] <... mmap resumed>) = 0x7f3002800000 executing program [pid 8885] write(1, "executing program\n", 18 [pid 5834] newfstatat(4, "", [pid 8886] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8885] <... write resumed>) = 18 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] unlink("./262/binderfs" [pid 8885] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] getdents64(4, [pid 5830] <... unlink resumed>) = 0 [pid 8886] <... write resumed>) = 131072 [pid 8885] <... futex resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8885] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5834] getdents64(4, [pid 8885] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8885] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8886] munmap(0x7f3002800000, 138412032 [pid 5834] close(4 [pid 5830] getdents64(3, [pid 8886] <... munmap resumed>) = 0 [pid 8885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8885] <... mmap resumed>) = 0x7f300ac28000 [pid 5834] rmdir("./263/file1" [pid 5830] close(3 [pid 8885] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... rmdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8885] <... mprotect resumed>) = 0 [pid 5834] umount2("./263/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./262" [pid 8886] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8885] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... rmdir resumed>) = 0 [pid 8886] <... openat resumed>) = 4 [pid 8885] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] newfstatat(AT_FDCWD, "./263/binderfs", [pid 8885] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] mkdir("./263", 0777./strace-static-x86_64: Process 8887 attached [pid 8886] ioctl(4, LOOP_SET_FD, 3 [pid 5834] unlink("./263/binderfs") = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] close(3) = 0 [ 230.394384][ T8883] exFAT-fs (loop3): error, data size is invalid(9000) [ 230.432187][ T8886] loop2: detected capacity change from 0 to 256 [pid 5834] rmdir("./263" [pid 8883] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] <... rmdir resumed>) = 0 [pid 5834] mkdir("./264", 0777 [pid 8887] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8885] <... clone3 resumed> => {parent_tid=[8887]}, 88) = 8887 [pid 5834] <... mkdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 8887] <... rseq resumed>) = 0 [pid 8885] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8887] set_robust_list(0x7f300ac489a0, 24 [pid 8885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8887] <... set_robust_list resumed>) = 0 [pid 8885] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8887] rt_sigprocmask(SIG_SETMASK, [], [pid 8885] <... futex resumed>) = 0 [pid 5834] <... ioctl resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8885] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] close(3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8887] memfd_create("syzkaller", 0 [pid 5834] <... close resumed>) = 0 [pid 8887] <... memfd_create resumed>) = 3 [pid 8886] <... ioctl resumed>) = 0 [pid 8883] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 8888 attached [pid 8887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8886] close(3 [pid 8888] set_robust_list(0x55556b85b6a0, 24 [pid 8887] <... mmap resumed>) = 0x7f3002800000 [pid 8886] <... close resumed>) = 0 [pid 8882] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8888 [pid 5830] close(3 [pid 8888] <... set_robust_list resumed>) = 0 [pid 8886] close(4 [pid 8882] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8888] chdir("./264" [pid 8886] <... close resumed>) = 0 [pid 8882] <... futex resumed>) = 0 [pid 8887] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8888] <... chdir resumed>) = 0 [pid 8886] mkdir("./file1", 0777 [pid 8882] <... mmap resumed>) = -1 (errno 18446744073709551533) [pid 8886] <... mkdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8888] setpgid(0, 0) = 0 [pid 8888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8886] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8888] <... openat resumed>) = 3 [pid 8888] write(3, "1000", 4 [pid 8883] +++ killed by SIGSEGV +++ [pid 8882] +++ killed by SIGSEGV +++ [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8882, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5833] umount2("./266", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8887] <... write resumed>) = 131072 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8889 attached [pid 8887] munmap(0x7f3002800000, 138412032 [pid 5833] <... openat resumed>) = 3 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8889 [pid 8889] set_robust_list(0x55556b85b6a0, 24 [pid 8888] <... write resumed>) = 4 [pid 8887] <... munmap resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 8889] <... set_robust_list resumed>) = 0 [pid 8888] close(3 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 230.439198][ T8883] exFAT-fs (loop3): Filesystem has been set read-only [pid 8888] <... close resumed>) = 0 [pid 5833] getdents64(3, [pid 8888] symlink("/dev/binderfs", "./binderfs" [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8888] <... symlink resumed>) = 0 [pid 5833] umount2("./266/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 8888] write(1, "executing program\n", 18) = 18 [pid 8888] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8888] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8888] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8889] chdir("./263" [pid 8888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8887] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8889] <... chdir resumed>) = 0 [pid 8888] <... mmap resumed>) = 0x7f300ac28000 [pid 8887] <... openat resumed>) = 4 [pid 8889] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8888] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8887] ioctl(4, LOOP_SET_FD, 3 [pid 8889] <... prctl resumed>) = 0 [pid 8888] <... mprotect resumed>) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 8889] setpgid(0, 0 [pid 8888] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] umount2("./266/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8889] <... setpgid resumed>) = 0 [pid 8888] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] newfstatat(AT_FDCWD, "./266/file1", ./strace-static-x86_64: Process 8890 attached [pid 8889] <... openat resumed>) = 3 [pid 8887] <... ioctl resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8889] write(3, "1000", 4 [pid 8887] close(3 [pid 8889] <... write resumed>) = 4 [pid 8887] <... close resumed>) = 0 [pid 8889] close(3 [pid 8887] close(4 [pid 8889] <... close resumed>) = 0 [pid 8887] <... close resumed>) = 0 [pid 8889] symlink("/dev/binderfs", "./binderfs" [pid 8890] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8889] <... symlink resumed>) = 0 executing program [pid 8890] <... rseq resumed>) = 0 [pid 8889] write(1, "executing program\n", 18 [pid 8887] mkdir("./file1", 0777 [pid 5833] umount2("./266/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8889] <... write resumed>) = 18 [pid 8890] set_robust_list(0x7f300ac489a0, 24 [pid 8889] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8888] <... clone3 resumed> => {parent_tid=[8890]}, 88) = 8890 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8889] <... futex resumed>) = 0 [pid 8887] <... mkdir resumed>) = 0 [pid 8890] <... set_robust_list resumed>) = 0 [pid 8889] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8888] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] openat(AT_FDCWD, "./266/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8889] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8890] rt_sigprocmask(SIG_SETMASK, [], [pid 8889] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8887] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5833] <... openat resumed>) = 4 [pid 8890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8888] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(4, "", [pid 8890] memfd_create("syzkaller", 0 [pid 8889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8888] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8890] <... memfd_create resumed>) = 3 [pid 8888] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] getdents64(4, [pid 8890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8890] <... mmap resumed>) = 0x7f3002800000 [pid 5833] getdents64(4, [pid 8890] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./266/file1") = 0 [pid 8890] <... write resumed>) = 131072 [pid 5833] umount2("./266/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./266/binderfs" [pid 8889] <... mmap resumed>) = 0x7f300ac28000 [pid 5833] <... unlink resumed>) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./266" [pid 8890] munmap(0x7f3002800000, 138412032 [pid 8889] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5833] <... rmdir resumed>) = 0 [pid 8890] <... munmap resumed>) = 0 [pid 8889] <... mprotect resumed>) = 0 [pid 5833] mkdir("./267", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 8890] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8890] <... openat resumed>) = 4 [pid 8889] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... ioctl resumed>) = 0 [pid 8890] ioctl(4, LOOP_SET_FD, 3 [pid 8889] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] close(3 [pid 8889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8891 attached => {parent_tid=[8891]}, 88) = 8891 [pid 8889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8889] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 230.496082][ T8887] loop1: detected capacity change from 0 to 256 [ 230.505096][ T8886] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8889] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8891] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5833] <... close resumed>) = 0 [pid 8891] <... rseq resumed>) = 0 [pid 8891] set_robust_list(0x7f300ac489a0, 24 [pid 8886] <... mount resumed>) = 0 [pid 8886] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8891] <... set_robust_list resumed>) = 0 [pid 8886] chdir("./file1") = 0 [pid 8886] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8892 [pid 8891] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8892 attached NULL, 8) = 0 [pid 8886] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8886] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8891] memfd_create("syzkaller", 0 [pid 8886] <... futex resumed>) = 1 [pid 8884] <... futex resumed>) = 0 [pid 8884] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8886] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8884] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8891] <... memfd_create resumed>) = 3 [pid 8892] set_robust_list(0x55556b85b6a0, 24 [pid 8891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8887] <... mount resumed>) = 0 [pid 8891] <... mmap resumed>) = 0x7f3002800000 [pid 8892] <... set_robust_list resumed>) = 0 [pid 8892] chdir("./267" [pid 8887] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8886] <... openat resumed>) = 4 [pid 8892] <... chdir resumed>) = 0 [pid 8887] <... openat resumed>) = 3 [pid 8892] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8891] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8887] chdir("./file1" [pid 8886] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8886] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8884] <... futex resumed>) = 0 [ 230.557193][ T8887] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 230.581686][ T8890] loop4: detected capacity change from 0 to 256 [pid 8892] <... prctl resumed>) = 0 [pid 8887] <... chdir resumed>) = 0 [pid 8884] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8892] setpgid(0, 0 [pid 8886] <... futex resumed>) = 0 [pid 8884] <... futex resumed>) = 1 [pid 8892] <... setpgid resumed>) = 0 [pid 8887] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8886] mkdir("./file2", 0777 [pid 8884] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8891] <... write resumed>) = 131072 [pid 8892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8887] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8887] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8885] <... futex resumed>) = 0 [pid 8892] <... openat resumed>) = 3 [pid 8891] munmap(0x7f3002800000, 138412032 [pid 8890] <... ioctl resumed>) = 0 [pid 8887] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8885] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8890] close(3 [pid 8887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8885] <... futex resumed>) = 0 [pid 8890] <... close resumed>) = 0 [pid 8887] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8892] write(3, "1000", 4 [pid 8891] <... munmap resumed>) = 0 [pid 8890] close(4 [pid 8885] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8892] <... write resumed>) = 4 [pid 8892] close(3 [pid 8890] <... close resumed>) = 0 [pid 8890] mkdir("./file1", 0777 [pid 8892] <... close resumed>) = 0 [pid 8891] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8890] <... mkdir resumed>) = 0 [pid 8892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8891] <... openat resumed>) = 4 [pid 8890] mount("/dev/loop4", "./file1", "exfat", 0, "" executing program [pid 8892] write(1, "executing program\n", 18 [pid 8891] ioctl(4, LOOP_SET_FD, 3 [pid 8892] <... write resumed>) = 18 [pid 8887] <... openat resumed>) = 4 [pid 8887] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8887] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8892] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8885] <... futex resumed>) = 0 [pid 8892] <... futex resumed>) = 0 [pid 8892] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8885] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8892] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8885] <... futex resumed>) = 1 [pid 8892] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8891] <... ioctl resumed>) = 0 [pid 8885] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [ 230.607449][ T8886] exFAT-fs (loop2): error, data size is invalid(9000) [ 230.626754][ T8891] loop0: detected capacity change from 0 to 256 [ 230.629836][ T8886] exFAT-fs (loop2): Filesystem has been set read-only [pid 8892] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8887] <... futex resumed>) = 0 [pid 8887] mkdir("./file2", 0777 [pid 8892] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8891] close(3 [pid 8884] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8892] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8891] <... close resumed>) = 0 [pid 8892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8891] close(4./strace-static-x86_64: Process 8893 attached ) = 0 [pid 8884] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8893] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8892] <... clone3 resumed> => {parent_tid=[8893]}, 88) = 8893 [pid 8891] mkdir("./file1", 0777 [pid 8893] <... rseq resumed>) = 0 [pid 8893] set_robust_list(0x7f300ac489a0, 24 [pid 8892] rt_sigprocmask(SIG_SETMASK, [], [pid 8891] <... mkdir resumed>) = 0 [pid 8884] <... futex resumed>) = 0 [pid 8893] <... set_robust_list resumed>) = 0 [pid 8892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8891] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8893] rt_sigprocmask(SIG_SETMASK, [], [pid 8892] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8892] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8884] <... mmap resumed>) = 0x7f300ac07000 [pid 8884] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8884] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8893] memfd_create("syzkaller", 0./strace-static-x86_64: Process 8894 attached [pid 8894] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8893] <... memfd_create resumed>) = 3 [pid 8884] <... clone3 resumed> => {parent_tid=[8894]}, 88) = 8894 [pid 8893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8894] <... rseq resumed>) = 0 [pid 8893] <... mmap resumed>) = 0x7f3002800000 [pid 8884] rt_sigprocmask(SIG_SETMASK, [], [pid 8894] set_robust_list(0x7f300ac279a0, 24 [pid 8884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8884] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8894] <... set_robust_list resumed>) = 0 [pid 8884] <... futex resumed>) = 0 [pid 8884] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8894] rt_sigprocmask(SIG_SETMASK, [], [pid 8893] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8886] <... mkdir resumed>) = -1 EIO (Input/output error) [ 230.658557][ T8887] exFAT-fs (loop1): error, data size is invalid(9000) [ 230.665638][ T8887] exFAT-fs (loop1): Filesystem has been set read-only [pid 8894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8886] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8885] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8885] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8893] <... write resumed>) = 131072 [pid 8885] <... futex resumed>) = 0 [pid 8884] <... futex resumed>) = ? [pid 8887] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8886] +++ killed by SIGSEGV +++ [pid 8893] munmap(0x7f3002800000, 138412032 [pid 8885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8893] <... munmap resumed>) = 0 [pid 8887] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8885] <... mmap resumed>) = 0x7f300ac07000 [pid 8893] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8894] +++ killed by SIGSEGV +++ [pid 8893] <... openat resumed>) = 4 [pid 8887] +++ killed by SIGSEGV +++ [pid 8884] +++ killed by SIGSEGV +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8884, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 230.703030][ T8891] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 230.715789][ T8890] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8893] ioctl(4, LOOP_SET_FD, 3 [pid 8885] +++ killed by SIGSEGV +++ [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8885, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5832] umount2("./259", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./259/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8890] <... mount resumed>) = 0 [pid 8893] <... ioctl resumed>) = 0 [pid 8891] <... mount resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8890] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... restart_syscall resumed>) = 0 [pid 8890] <... openat resumed>) = 3 [pid 8890] chdir("./file1") = 0 [pid 8890] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8890] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8888] <... futex resumed>) = 0 [pid 8888] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8890] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8888] <... futex resumed>) = 0 [pid 8893] close(3 [pid 8891] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8888] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] umount2("./259/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./267", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8893] <... close resumed>) = 0 [pid 8891] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8893] close(4 [pid 8891] chdir("./file1" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8893] <... close resumed>) = 0 [pid 8891] <... chdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8893] mkdir("./file1", 0777 [pid 8891] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] newfstatat(AT_FDCWD, "./259/file1", [pid 5831] <... openat resumed>) = 3 [pid 8893] <... mkdir resumed>) = 0 [pid 8891] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8890] <... openat resumed>) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(3, "", [pid 8893] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8891] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./259/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8891] <... futex resumed>) = 1 [pid 8889] <... futex resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8891] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8889] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8890] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] openat(AT_FDCWD, "./259/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] getdents64(3, [pid 8889] <... futex resumed>) = 0 [pid 8890] <... futex resumed>) = 1 [pid 8888] <... futex resumed>) = 0 [pid 8891] <... openat resumed>) = 4 [pid 8890] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8889] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8888] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... openat resumed>) = 4 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8891] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8890] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8888] <... futex resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 8891] <... futex resumed>) = 0 [pid 8890] mkdir("./file2", 0777 [pid 8889] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8888] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] umount2("./267/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8891] mkdir("./file2", 0777 [pid 8889] <... futex resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 230.744174][ T8893] loop3: detected capacity change from 0 to 256 [pid 8889] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, [pid 5831] <... umount2 resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 5831] umount2("./267/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./259/file1") = 0 [pid 5831] newfstatat(AT_FDCWD, "./267/file1", [pid 5832] umount2("./259/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./259/binderfs") = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./259") = 0 [pid 5832] mkdir("./260", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8888] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8888] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... ioctl resumed>) = 0 [pid 8888] <... futex resumed>) = 0 [ 230.786969][ T8891] exFAT-fs (loop0): error, data size is invalid(9000) [ 230.788094][ T8890] exFAT-fs (loop4): error, data size is invalid(9000) [ 230.811038][ T8891] exFAT-fs (loop0): Filesystem has been set read-only [pid 5832] close(3 [pid 8888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8888] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8888] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./267/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8888] <... clone3 resumed> => {parent_tid=[8895]}, 88) = 8895 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8895 attached [pid 8891] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8895] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 5831] openat(AT_FDCWD, "./267/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8895] <... rseq resumed>) = 0 [pid 8891] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8895] set_robust_list(0x7f300ac279a0, 24 [pid 8888] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... openat resumed>) = 4 [pid 8895] <... set_robust_list resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 8888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] newfstatat(4, "", [pid 8888] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8888] <... futex resumed>) = 0 [pid 8888] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8896 ./strace-static-x86_64: Process 8896 attached [pid 8895] rt_sigprocmask(SIG_SETMASK, [], [pid 8890] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8889] <... futex resumed>) = ? [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8891] +++ killed by SIGSEGV +++ [pid 5831] getdents64(4, [pid 8896] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8895] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8889] +++ killed by SIGSEGV +++ [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8896] chdir("./260" [pid 5831] getdents64(4, [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8889, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8895] <... ioctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 8895] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8896] <... chdir resumed>) = 0 [pid 8895] <... futex resumed>) = 1 [pid 8888] <... futex resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8895] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] rmdir("./267/file1" [pid 8896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8893] <... mount resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 8896] setpgid(0, 0 [pid 5831] umount2("./267/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8896] <... setpgid resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8893] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] newfstatat(AT_FDCWD, "./267/binderfs", [pid 8896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8893] <... openat resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 8896] <... openat resumed>) = 3 [pid 8896] write(3, "1000", 4 [pid 5831] unlink("./267/binderfs" [pid 8893] chdir("./file1" [pid 8896] <... write resumed>) = 4 [pid 8896] close(3 [pid 8893] <... chdir resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5830] umount2("./263", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8896] <... close resumed>) = 0 [pid 8893] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] getdents64(3, [pid 8896] symlink("/dev/binderfs", "./binderfs" [pid 8893] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8896] <... symlink resumed>) = 0 [pid 8893] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8896] write(1, "executing program\n", 18 [pid 8893] <... futex resumed>) = 1 [pid 8892] <... futex resumed>) = 0 [pid 5831] close(3 [pid 8896] <... write resumed>) = 18 [pid 8892] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... openat resumed>) = 3 [pid 8896] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8893] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8892] <... futex resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 8896] <... futex resumed>) = 0 [pid 8892] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8896] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8896] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5831] rmdir("./267" [pid 8896] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8893] <... openat resumed>) = 4 [pid 8890] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5830] getdents64(3, [pid 8896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8896] <... mmap resumed>) = 0x7f300ac28000 [pid 8895] <... futex resumed>) = ? [pid 5830] umount2("./263/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8896] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8890] +++ killed by SIGSEGV +++ [pid 8896] <... mprotect resumed>) = 0 [pid 8896] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8897 attached [pid 8897] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8897] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8897] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8897] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8896] <... clone3 resumed> => {parent_tid=[8897]}, 88) = 8897 [pid 8896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8896] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8897] <... futex resumed>) = 0 [pid 8896] <... futex resumed>) = 1 [pid 8897] memfd_create("syzkaller", 0 [pid 8896] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8897] <... memfd_create resumed>) = 3 [pid 5831] <... rmdir resumed>) = 0 [pid 8897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [ 230.828717][ T8893] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 230.848657][ T8890] exFAT-fs (loop4): Filesystem has been set read-only [pid 8897] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8893] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8892] <... futex resumed>) = 0 [pid 8892] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... umount2 resumed>) = 0 [pid 8893] mkdir("./file2", 0777 [pid 8892] <... futex resumed>) = 0 [pid 5830] umount2("./263/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8892] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8897] <... write resumed>) = 131072 [pid 8895] +++ killed by SIGSEGV +++ [pid 8888] +++ killed by SIGSEGV +++ [pid 5831] mkdir("./268", 0777 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8888, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5831] <... mkdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./263/file1", [pid 8897] munmap(0x7f3002800000, 138412032 [pid 5834] umount2("./264", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8897] <... munmap resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8897] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5834] <... openat resumed>) = 3 [pid 5834] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8897] <... openat resumed>) = 4 [pid 5834] getdents64(3, [pid 8897] ioctl(4, LOOP_SET_FD, 3 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] umount2("./264/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./263/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8897] <... ioctl resumed>) = 0 [pid 8893] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] <... umount2 resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] umount2("./264/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] openat(AT_FDCWD, "./263/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8897] close(3 [pid 8893] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... ioctl resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./264/file1", [pid 5830] <... openat resumed>) = 4 [pid 5831] close(3 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] newfstatat(4, "", [pid 8892] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] umount2("./264/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8892] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] getdents64(4, [pid 8892] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8892] <... mmap resumed>) = 0x7f300ac07000 [pid 5834] openat(AT_FDCWD, "./264/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] getdents64(4, [pid 8897] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] <... openat resumed>) = 4 [pid 5834] newfstatat(4, "", [pid 5830] close(4 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... close resumed>) = 0 [pid 8897] close(4) = 0 ./strace-static-x86_64: Process 8898 attached [pid 8897] mkdir("./file1", 0777 [pid 5834] getdents64(4, [pid 5830] rmdir("./263/file1" [pid 8897] <... mkdir resumed>) = 0 [pid 8898] set_robust_list(0x55556b85b6a0, 24 [pid 8897] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] <... rmdir resumed>) = 0 [pid 8893] +++ killed by SIGSEGV +++ [pid 8892] +++ killed by SIGSEGV +++ [pid 5834] getdents64(4, [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8898 [pid 8898] <... set_robust_list resumed>) = 0 [pid 5830] umount2("./263/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8892, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 8898] chdir("./268" [pid 5834] <... close resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./263/binderfs", [pid 8898] <... chdir resumed>) = 0 [pid 5834] rmdir("./264/file1" [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8898] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] <... rmdir resumed>) = 0 [pid 5830] unlink("./263/binderfs" [pid 8898] <... prctl resumed>) = 0 [pid 5834] umount2("./264/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] <... unlink resumed>) = 0 [pid 8898] setpgid(0, 0 [pid 5834] newfstatat(AT_FDCWD, "./264/binderfs", [pid 5833] umount2("./267", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8898] <... setpgid resumed>) = 0 [pid 5834] unlink("./264/binderfs" [pid 5833] <... openat resumed>) = 3 [ 230.900762][ T8893] exFAT-fs (loop3): error, data size is invalid(9000) [ 230.913907][ T8893] exFAT-fs (loop3): Filesystem has been set read-only [ 230.922269][ T8897] loop2: detected capacity change from 0 to 256 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] newfstatat(3, "", [pid 5834] <... unlink resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] close(3 [pid 8898] <... openat resumed>) = 3 [pid 5834] getdents64(3, [pid 5833] getdents64(3, [pid 8898] write(3, "1000", 4 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... close resumed>) = 0 [pid 8898] <... write resumed>) = 4 [pid 5834] close(3 [pid 5833] umount2("./267/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./263" [pid 8898] close(3 [pid 5834] <... close resumed>) = 0 executing program [pid 8898] <... close resumed>) = 0 [pid 5834] rmdir("./264" [pid 5833] <... umount2 resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8898] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... rmdir resumed>) = 0 [pid 8898] <... symlink resumed>) = 0 [pid 5834] mkdir("./265", 0777 [pid 5833] umount2("./267/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] mkdir("./264", 0777 [pid 8898] write(1, "executing program\n", 18) = 18 [pid 5834] <... mkdir resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... mkdir resumed>) = 0 [pid 8898] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(AT_FDCWD, "./267/file1", [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8898] <... futex resumed>) = 0 [pid 8898] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8898] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5833] umount2("./267/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8898] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 5834] <... openat resumed>) = 3 [pid 5833] openat(AT_FDCWD, "./267/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... ioctl resumed>) = 0 [pid 8898] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8898] <... mprotect resumed>) = 0 [pid 5834] <... ioctl resumed>) = 0 [pid 5833] <... openat resumed>) = 4 [pid 5830] close(3 [pid 8898] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] <... close resumed>) = 0 [pid 5834] close(3 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8898] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] <... close resumed>) = 0 [pid 5833] getdents64(4, [pid 8898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8899 attached ./strace-static-x86_64: Process 8900 attached [pid 8899] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8898] <... clone3 resumed> => {parent_tid=[8899]}, 88) = 8899 [pid 8897] <... mount resumed>) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8900] set_robust_list(0x55556b85b6a0, 24 [pid 8899] <... rseq resumed>) = 0 [pid 8898] rt_sigprocmask(SIG_SETMASK, [], [pid 8897] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8899] set_robust_list(0x7f300ac489a0, 24 [pid 8897] <... openat resumed>) = 3 [pid 5833] getdents64(4, [pid 8900] <... set_robust_list resumed>) = 0 [pid 8898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8900 ./strace-static-x86_64: Process 8901 attached [pid 8899] <... set_robust_list resumed>) = 0 [pid 8898] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8897] chdir("./file1" [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8901] set_robust_list(0x55556b85b6a0, 24 [pid 8900] chdir("./264" [pid 8899] rt_sigprocmask(SIG_SETMASK, [], [ 230.996540][ T8897] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8898] <... futex resumed>) = 0 [pid 8897] <... chdir resumed>) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8901 [pid 5833] close(4 [pid 8901] <... set_robust_list resumed>) = 0 [pid 8900] <... chdir resumed>) = 0 [pid 8899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8898] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8897] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8901] chdir("./265" [pid 8900] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8899] memfd_create("syzkaller", 0 [pid 8897] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... close resumed>) = 0 [pid 8900] <... prctl resumed>) = 0 [pid 8897] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] rmdir("./267/file1" [pid 8901] <... chdir resumed>) = 0 [pid 8900] setpgid(0, 0 [pid 8899] <... memfd_create resumed>) = 3 [pid 8897] <... futex resumed>) = 1 [pid 8896] <... futex resumed>) = 0 [pid 8901] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8900] <... setpgid resumed>) = 0 [pid 8899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8897] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8896] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... rmdir resumed>) = 0 [pid 8901] <... prctl resumed>) = 0 [pid 8900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8899] <... mmap resumed>) = 0x7f3002800000 [pid 8897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8896] <... futex resumed>) = 0 [pid 8901] setpgid(0, 0 [pid 8900] <... openat resumed>) = 3 [pid 5833] umount2("./267/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8900] write(3, "1000", 4 [pid 8897] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8900] <... write resumed>) = 4 [pid 8900] close(3 [pid 8897] <... openat resumed>) = 4 [pid 8896] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8901] <... setpgid resumed>) = 0 [pid 8900] <... close resumed>) = 0 [pid 8897] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8900] symlink("/dev/binderfs", "./binderfs" [pid 8899] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8897] <... futex resumed>) = 1 [pid 8896] <... futex resumed>) = 0 [pid 8901] <... openat resumed>) = 3 [pid 8900] <... symlink resumed>) = 0 [pid 8897] mkdir("./file2", 0777 [pid 8896] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(AT_FDCWD, "./267/binderfs", [pid 8900] write(1, "executing program\n", 18 [pid 8901] write(3, "1000", 4 [pid 8899] <... write resumed>) = 131072 [pid 8901] <... write resumed>) = 4 [pid 8896] <... futex resumed>) = 0 [pid 8901] close(3 [pid 8896] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 8901] <... close resumed>) = 0 [pid 8899] munmap(0x7f3002800000, 138412032 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8900] <... write resumed>) = 18 [pid 8901] symlink("/dev/binderfs", "./binderfs" [pid 8899] <... munmap resumed>) = 0 [pid 8901] <... symlink resumed>) = 0 [pid 8899] openat(AT_FDCWD, "/dev/loop1", O_RDWRexecuting program [pid 8901] write(1, "executing program\n", 18 [pid 8899] <... openat resumed>) = 4 [pid 8901] <... write resumed>) = 18 [pid 8899] ioctl(4, LOOP_SET_FD, 3 [pid 8901] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8900] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] unlink("./267/binderfs" [pid 8900] <... futex resumed>) = 0 [pid 8901] <... futex resumed>) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 8900] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8901] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8900] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8900] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8901] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8901] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8900] <... mmap resumed>) = 0x7f300ac28000 [pid 8901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8900] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5833] getdents64(3, [pid 8901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8900] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8900] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] close(3 [pid 8900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8901] <... mmap resumed>) = 0x7f300ac28000 [pid 5833] <... close resumed>) = 0 ./strace-static-x86_64: Process 8902 attached [pid 8901] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8900] <... clone3 resumed> => {parent_tid=[8902]}, 88) = 8902 [pid 8901] <... mprotect resumed>) = 0 [pid 8902] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8901] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8900] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] rmdir("./267" [pid 8902] <... rseq resumed>) = 0 [pid 8901] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8902] set_robust_list(0x7f300ac489a0, 24 [pid 8900] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8902] <... set_robust_list resumed>) = 0 [pid 8901] <... clone3 resumed> => {parent_tid=[8903]}, 88) = 8903 ./strace-static-x86_64: Process 8903 attached [pid 8902] rt_sigprocmask(SIG_SETMASK, [], [pid 8901] rt_sigprocmask(SIG_SETMASK, [], [pid 8900] <... futex resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8901] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8900] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] mkdir("./268", 0777 [pid 8901] <... futex resumed>) = 0 [pid 8899] <... ioctl resumed>) = 0 [pid 8903] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8901] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8899] close(3 [pid 5833] <... mkdir resumed>) = 0 [pid 8903] <... rseq resumed>) = 0 [pid 8899] <... close resumed>) = 0 [pid 8903] set_robust_list(0x7f300ac489a0, 24 [pid 8899] close(4 [pid 8902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8903] <... set_robust_list resumed>) = 0 [pid 8899] <... close resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8903] rt_sigprocmask(SIG_SETMASK, [], [pid 8899] mkdir("./file1", 0777 [pid 8902] memfd_create("syzkaller", 0 [pid 5833] <... openat resumed>) = 3 [pid 8903] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8902] <... memfd_create resumed>) = 3 [pid 8899] <... mkdir resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8903] memfd_create("syzkaller", 0 [pid 8902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8899] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5833] <... ioctl resumed>) = 0 [pid 8903] <... memfd_create resumed>) = 3 [pid 8902] <... mmap resumed>) = 0x7f3002800000 [pid 5833] close(3 [pid 8903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8903] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] <... close resumed>) = 0 [pid 8903] <... write resumed>) = 131072 [pid 8902] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8903] munmap(0x7f3002800000, 138412032) = 0 [pid 8897] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8897] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8903] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8902] <... write resumed>) = 131072 [pid 8896] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8896] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8896] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [ 231.072654][ T8897] exFAT-fs (loop2): error, data size is invalid(9000) [ 231.087870][ T8899] loop1: detected capacity change from 0 to 256 [ 231.104992][ T8897] exFAT-fs (loop2): Filesystem has been set read-only [pid 8896] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8903] <... openat resumed>) = 4 [pid 8903] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 8904 attached [pid 8902] munmap(0x7f3002800000, 138412032 [pid 8896] <... rt_sigprocmask resumed> ) = ? [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8904 [pid 8902] <... munmap resumed>) = 0 [pid 8904] set_robust_list(0x55556b85b6a0, 24 [pid 8902] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8897] +++ killed by SIGSEGV +++ [pid 8896] +++ killed by SIGSEGV +++ [pid 8904] <... set_robust_list resumed>) = 0 [pid 8904] chdir("./268" [pid 8902] <... openat resumed>) = 4 [pid 8904] <... chdir resumed>) = 0 [pid 8902] ioctl(4, LOOP_SET_FD, 3 [pid 8904] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8896, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] umount2("./260", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./260/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8903] <... ioctl resumed>) = 0 [pid 8903] close(3) = 0 [pid 8903] close(4) = 0 [pid 8903] mkdir("./file1", 0777) = 0 [pid 8903] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8899] <... mount resumed>) = 0 [pid 8904] <... prctl resumed>) = 0 [pid 8904] setpgid(0, 0) = 0 [pid 8899] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8899] chdir("./file1") = 0 [pid 8899] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8899] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8899] <... futex resumed>) = 1 [pid 8898] <... futex resumed>) = 0 [pid 8899] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8898] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8899] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8904] <... openat resumed>) = 3 [ 231.149910][ T8903] loop4: detected capacity change from 0 to 256 [ 231.156281][ T8899] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 231.176673][ T8902] loop0: detected capacity change from 0 to 256 [pid 8902] <... ioctl resumed>) = 0 [pid 8904] write(3, "1000", 4 [pid 8899] <... openat resumed>) = 4 [pid 8898] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 8904] <... write resumed>) = 4 [pid 8902] close(3 [pid 8898] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8904] close(3 [pid 8902] <... close resumed>) = 0 [pid 8902] close(4 [pid 8904] <... close resumed>) = 0 [pid 8902] <... close resumed>) = 0 [pid 5832] umount2("./260/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8904] symlink("/dev/binderfs", "./binderfs" [pid 8902] mkdir("./file1", 0777 [pid 8899] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8899] <... futex resumed>) = 1 [pid 5832] newfstatat(AT_FDCWD, "./260/file1", [pid 8902] <... mkdir resumed>) = 0 [pid 8899] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./260/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8904] <... symlink resumed>) = 0 [pid 8902] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8898] <... futex resumed>) = 0 [pid 8904] write(1, "executing program\n", 18executing program [pid 8898] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8904] <... write resumed>) = 18 [pid 8898] <... futex resumed>) = 1 [pid 8904] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8899] <... futex resumed>) = 0 [pid 8898] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] openat(AT_FDCWD, "./260/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8904] <... futex resumed>) = 0 [pid 8899] mkdir("./file2", 0777 [pid 5832] <... openat resumed>) = 4 [pid 8904] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./260/file1") = 0 [pid 5832] umount2("./260/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./260/binderfs") = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./260") = 0 [pid 5832] mkdir("./261", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 8904] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [ 231.218725][ T8903] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 231.246152][ T8899] exFAT-fs (loop1): error, data size is invalid(9000) [ 231.256496][ T8902] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 8903] <... mount resumed>) = 0 [pid 5832] close(3 [pid 8904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8903] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8898] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8904] <... mmap resumed>) = 0x7f300ac28000 [pid 8898] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8904] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8898] <... futex resumed>) = 0 [pid 8904] <... mprotect resumed>) = 0 [pid 8903] <... openat resumed>) = 3 [pid 8898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8903] chdir("./file1" [pid 8898] <... mmap resumed>) = 0x7f300ac07000 [pid 8898] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8904] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8903] <... chdir resumed>) = 0 [pid 8898] <... mprotect resumed>) = 0 [pid 8904] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8903] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8898] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... close resumed>) = 0 [pid 8898] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8905 attached [pid 8898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8902] <... mount resumed>) = 0 ./strace-static-x86_64: Process 8907 attached ./strace-static-x86_64: Process 8906 attached [pid 8905] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8904] <... clone3 resumed> => {parent_tid=[8905]}, 88) = 8905 [pid 8903] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8902] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8899] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8898] <... clone3 resumed> => {parent_tid=[8906]}, 88) = 8906 [pid 8907] set_robust_list(0x55556b85b6a0, 24 [pid 8906] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8905] <... rseq resumed>) = 0 [pid 8904] rt_sigprocmask(SIG_SETMASK, [], [pid 8903] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8902] <... openat resumed>) = 3 [pid 8898] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8907 [pid 8907] <... set_robust_list resumed>) = 0 [pid 8906] <... rseq resumed>) = 0 [pid 8905] set_robust_list(0x7f300ac489a0, 24 [pid 8904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8903] <... futex resumed>) = 1 [pid 8902] chdir("./file1" [pid 8901] <... futex resumed>) = 0 [pid 8899] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8898] <... rt_sigprocmask resumed>) = ? [pid 8907] chdir("./261" [pid 8905] <... set_robust_list resumed>) = 0 [pid 8904] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8903] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8902] <... chdir resumed>) = 0 [pid 8901] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8907] <... chdir resumed>) = 0 [pid 8905] rt_sigprocmask(SIG_SETMASK, [], [pid 8904] <... futex resumed>) = 0 [pid 8903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8901] <... futex resumed>) = 0 [pid 8903] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8901] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8904] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8905] memfd_create("syzkaller", 0 [pid 8902] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8905] <... memfd_create resumed>) = 3 [pid 8905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 231.280590][ T8899] exFAT-fs (loop1): Filesystem has been set read-only [pid 8907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8905] <... mmap resumed>) = 0x7f3002800000 [pid 8903] <... openat resumed>) = 4 [pid 8903] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8901] <... futex resumed>) = 0 [pid 8903] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8901] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8901] <... futex resumed>) = 0 [pid 8903] mkdir("./file2", 0777 [pid 8901] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8907] setpgid(0, 0 [pid 8905] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8902] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8907] <... setpgid resumed>) = 0 [pid 8902] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8902] <... futex resumed>) = 1 [pid 8900] <... futex resumed>) = 0 [pid 8902] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8900] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8900] <... futex resumed>) = 0 [pid 8902] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8900] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8902] <... openat resumed>) = 4 [pid 8899] +++ killed by SIGSEGV +++ [pid 8906] +++ killed by SIGSEGV +++ [pid 8898] +++ killed by SIGSEGV +++ [pid 8907] <... openat resumed>) = 3 [pid 8905] <... write resumed>) = 131072 [pid 8902] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8907] write(3, "1000", 4 [pid 8902] <... futex resumed>) = 1 [pid 8900] <... futex resumed>) = 0 [pid 8905] munmap(0x7f3002800000, 138412032 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8898, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8907] <... write resumed>) = 4 [pid 8902] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8900] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8900] <... futex resumed>) = 0 [pid 8900] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... restart_syscall resumed>) = 0 [pid 8907] close(3 [pid 8905] <... munmap resumed>) = 0 [pid 8907] <... close resumed>) = 0 [ 231.345216][ T8903] exFAT-fs (loop4): error, data size is invalid(9000) [ 231.362420][ T8903] exFAT-fs (loop4): Filesystem has been set read-only [pid 8907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8905] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8902] mkdir("./file2", 0777 [pid 8907] write(1, "executing program\n", 18 [pid 8903] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8903] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8901] <... futex resumed>) = ? executing program [pid 8907] <... write resumed>) = 18 [pid 8905] <... openat resumed>) = 4 [pid 8903] +++ killed by SIGSEGV +++ [pid 8901] +++ killed by SIGSEGV +++ [pid 5831] umount2("./268", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8907] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8905] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./268/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8901, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 8907] <... futex resumed>) = 0 [pid 5834] <... restart_syscall resumed>) = 0 [pid 8907] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8907] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] umount2("./265", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8907] <... mmap resumed>) = 0x7f300ac28000 [pid 8902] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8900] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8902] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8907] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8905] <... ioctl resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = 0 [pid 8907] <... mprotect resumed>) = 0 [pid 8902] +++ killed by SIGSEGV +++ [pid 5834] newfstatat(3, "", [pid 8907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8908 attached [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8907] <... clone3 resumed> => {parent_tid=[8908]}, 88) = 8908 [pid 8908] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8907] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] getdents64(3, [pid 5831] umount2("./268/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8908] <... rseq resumed>) = 0 [pid 8907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8905] close(3 [pid 8900] +++ killed by SIGSEGV +++ [pid 8908] set_robust_list(0x7f300ac489a0, 24 [pid 8905] <... close resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8908] <... set_robust_list resumed>) = 0 [pid 8905] close(4 [pid 8908] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] umount2("./265/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8900, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8905] <... close resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8908] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8905] mkdir("./file1", 0777 [pid 5830] <... restart_syscall resumed>) = 0 [pid 8907] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8908] <... futex resumed>) = 0 [pid 8907] <... futex resumed>) = 1 [pid 8905] <... mkdir resumed>) = 0 [pid 5834] <... umount2 resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./268/file1", [pid 8908] memfd_create("syzkaller", 0 [pid 8907] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8905] mount("/dev/loop3", "./file1", "exfat", 0, "" [ 231.389312][ T8902] exFAT-fs (loop0): error, data size is invalid(9000) [ 231.396235][ T8902] exFAT-fs (loop0): Filesystem has been set read-only [ 231.408046][ T8905] loop3: detected capacity change from 0 to 256 [pid 5834] umount2("./265/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8908] <... memfd_create resumed>) = 3 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./268/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./264", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] newfstatat(AT_FDCWD, "./265/file1", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./268/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./268/file1") = 0 [pid 5831] umount2("./268/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./268/binderfs") = 0 [pid 5831] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... close resumed>) = 0 [pid 8908] <... mmap resumed>) = 0x7f3002800000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] rmdir("./268" [pid 8908] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] umount2("./265/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5831] mkdir("./269", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(3, "", [pid 8908] <... write resumed>) = 131072 [pid 5834] openat(AT_FDCWD, "./265/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3 [pid 5834] <... openat resumed>) = 4 [pid 5830] getdents64(3, [pid 8908] munmap(0x7f3002800000, 138412032 [pid 5834] newfstatat(4, "", [pid 8908] <... munmap resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] getdents64(4, [pid 5830] umount2("./264/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8908] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] <... close resumed>) = 0 [pid 8908] <... openat resumed>) = 4 [pid 5834] getdents64(4, [pid 8908] ioctl(4, LOOP_SET_FD, 3 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [ 231.457411][ T8905] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5834] close(4 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8909 attached [pid 8905] <... mount resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 8909] set_robust_list(0x55556b85b6a0, 24 [pid 5834] rmdir("./265/file1" [pid 5830] umount2("./264/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8905] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8909] <... set_robust_list resumed>) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8909 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8909] chdir("./269" [pid 8905] <... openat resumed>) = 3 [pid 5834] umount2("./265/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(AT_FDCWD, "./264/file1", [pid 8909] <... chdir resumed>) = 0 [pid 8905] chdir("./file1" [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8909] setpgid(0, 0 [pid 8908] <... ioctl resumed>) = 0 [pid 8905] <... chdir resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./265/binderfs", [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8909] <... setpgid resumed>) = 0 [pid 8908] close(3 [pid 8905] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./264/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8908] <... close resumed>) = 0 [pid 8905] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8908] close(4 [pid 8905] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] unlink("./265/binderfs" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8908] <... close resumed>) = 0 [pid 8905] <... futex resumed>) = 1 [pid 8909] <... openat resumed>) = 3 [pid 8908] mkdir("./file1", 0777 [pid 8905] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8904] <... futex resumed>) = 0 [pid 5834] <... unlink resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./264/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8909] write(3, "1000", 4 [pid 8908] <... mkdir resumed>) = 0 [pid 8909] <... write resumed>) = 4 [pid 8908] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8904] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] getdents64(3, [pid 5830] <... openat resumed>) = 4 [pid 8909] close(3 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] newfstatat(4, "", [pid 8905] <... futex resumed>) = 0 [pid 8904] <... futex resumed>) = 1 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8905] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8904] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] close(3 [pid 5830] getdents64(4, [pid 8909] <... close resumed>) = 0 [pid 8909] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8909] <... symlink resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5830] getdents64(4, executing program [pid 8909] write(1, "executing program\n", 18) = 18 [pid 5834] rmdir("./265" [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8909] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8909] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5834] <... rmdir resumed>) = 0 [pid 5830] close(4 [pid 8909] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] <... close resumed>) = 0 [pid 8909] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5830] rmdir("./264/file1" [pid 8909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 5830] <... rmdir resumed>) = 0 [pid 8909] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5830] umount2("./264/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8909] <... mprotect resumed>) = 0 [pid 8905] <... openat resumed>) = 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 231.505279][ T8908] loop2: detected capacity change from 0 to 256 [pid 8909] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] newfstatat(AT_FDCWD, "./264/binderfs", [pid 8909] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8905] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] mkdir("./266", 0777 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8910 attached [pid 5834] <... mkdir resumed>) = 0 [pid 5830] unlink("./264/binderfs" [pid 8910] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8909] <... clone3 resumed> => {parent_tid=[8910]}, 88) = 8910 [pid 8910] <... rseq resumed>) = 0 [pid 8909] rt_sigprocmask(SIG_SETMASK, [], [pid 8910] set_robust_list(0x7f300ac489a0, 24 [pid 8909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8910] <... set_robust_list resumed>) = 0 [pid 8909] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8910] rt_sigprocmask(SIG_SETMASK, [], [pid 8909] <... futex resumed>) = 0 [pid 8910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8909] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8910] memfd_create("syzkaller", 0 [pid 8905] <... futex resumed>) = 1 [pid 8904] <... futex resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 8910] <... memfd_create resumed>) = 3 [pid 8910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8910] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8905] mkdir("./file2", 0777 [pid 8904] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] getdents64(3, [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8910] <... write resumed>) = 131072 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8904] <... futex resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5830] close(3 [pid 8910] munmap(0x7f3002800000, 138412032) = 0 [pid 8904] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./264" [pid 5834] <... ioctl resumed>) = 0 [pid 8910] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] close(3 [pid 5830] <... rmdir resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5830] mkdir("./265", 0777 [pid 8910] <... openat resumed>) = 4 [ 231.569884][ T8908] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 231.587289][ T8905] exFAT-fs (loop3): error, data size is invalid(9000) [pid 8910] ioctl(4, LOOP_SET_FD, 3 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 8911 attached [pid 8911] set_robust_list(0x55556b85b6a0, 24 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8911 [pid 5830] <... openat resumed>) = 3 [pid 8911] <... set_robust_list resumed>) = 0 [pid 8911] chdir("./266") = 0 [pid 8911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8911] setpgid(0, 0) = 0 [pid 8911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8911] write(3, "1000", 4) = 4 [pid 8911] close(3) = 0 [pid 8911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 8908] <... mount resumed>) = 0 [pid 8905] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5830] close(3executing program [pid 8905] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8911] write(1, "executing program\n", 18 [pid 8904] <... futex resumed>) = ? [pid 8911] <... write resumed>) = 18 [pid 8911] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8911] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8911] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8911] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8911] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8908] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8908] chdir("./file1") = 0 [pid 8905] +++ killed by SIGSEGV +++ [pid 8904] +++ killed by SIGSEGV +++ [pid 8911] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8908] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8904, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- ./strace-static-x86_64: Process 8912 attached [pid 8910] <... ioctl resumed>) = 0 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8908] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... close resumed>) = 0 [pid 5833] <... restart_syscall resumed>) = 0 [pid 8912] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8911] <... clone3 resumed> => {parent_tid=[8912]}, 88) = 8912 [pid 8910] close(3 [pid 8908] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8912] <... rseq resumed>) = 0 [pid 8911] rt_sigprocmask(SIG_SETMASK, [], [pid 8910] <... close resumed>) = 0 [pid 8908] <... futex resumed>) = 1 [pid 8907] <... futex resumed>) = 0 [pid 8912] set_robust_list(0x7f300ac489a0, 24 [pid 8911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8910] close(4 [pid 5833] umount2("./268", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8913 attached [pid 8912] <... set_robust_list resumed>) = 0 [pid 8911] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8910] <... close resumed>) = 0 [pid 8908] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8907] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8913] set_robust_list(0x55556b85b6a0, 24 [pid 8912] rt_sigprocmask(SIG_SETMASK, [], [pid 8911] <... futex resumed>) = 0 [pid 8910] mkdir("./file1", 0777 [pid 5833] openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8913] <... set_robust_list resumed>) = 0 [pid 8912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8911] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8910] <... mkdir resumed>) = 0 [pid 8908] <... openat resumed>) = 4 [pid 8907] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8913 [pid 8913] chdir("./265" [pid 8907] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8913] <... chdir resumed>) = 0 [pid 8908] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8913] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8908] <... futex resumed>) = 0 [pid 8907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8913] <... prctl resumed>) = 0 [pid 8908] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 231.612828][ T8910] loop1: detected capacity change from 0 to 256 [ 231.625687][ T8905] exFAT-fs (loop3): Filesystem has been set read-only [pid 8907] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8913] setpgid(0, 0 [pid 8912] memfd_create("syzkaller", 0 [pid 8910] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8907] <... futex resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 8913] <... setpgid resumed>) = 0 [pid 8908] mkdir("./file2", 0777 [pid 8907] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./268/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8912] <... memfd_create resumed>) = 3 [pid 8912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8912] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./268/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8912] <... write resumed>) = 131072 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8912] munmap(0x7f3002800000, 138412032) = 0 [pid 8908] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] newfstatat(AT_FDCWD, "./268/file1", [pid 8913] <... openat resumed>) = 3 [pid 8908] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8913] write(3, "1000", 4 [pid 5833] umount2("./268/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8907] <... futex resumed>) = ? [pid 8913] <... write resumed>) = 4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8913] close(3 [pid 5833] openat(AT_FDCWD, "./268/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8913] <... close resumed>) = 0 [pid 8913] symlink("/dev/binderfs", "./binderfs" [pid 5833] <... openat resumed>) = 4 [pid 8913] <... symlink resumed>) = 0 [pid 5833] newfstatat(4, "", executing program [pid 8913] write(1, "executing program\n", 18 [pid 8912] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8913] <... write resumed>) = 18 [pid 8912] <... openat resumed>) = 4 [pid 5833] getdents64(4, [pid 8913] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8913] <... futex resumed>) = 0 [pid 8912] ioctl(4, LOOP_SET_FD, 3 [pid 5833] getdents64(4, [pid 8913] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8913] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] close(4 [pid 8913] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8908] +++ killed by SIGSEGV +++ [pid 8907] +++ killed by SIGSEGV +++ [pid 5833] <... close resumed>) = 0 [pid 8913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] rmdir("./268/file1" [pid 8913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8913] <... mmap resumed>) = 0x7f300ac28000 [pid 8913] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8907, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 8913] <... mprotect resumed>) = 0 [pid 5833] umount2("./268/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] newfstatat(AT_FDCWD, "./268/binderfs", [pid 5832] umount2("./261", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8914 attached [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8914] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8913] <... clone3 resumed> => {parent_tid=[8914]}, 88) = 8914 [pid 5833] unlink("./268/binderfs" [pid 8914] <... rseq resumed>) = 0 [pid 8913] rt_sigprocmask(SIG_SETMASK, [], [ 231.671320][ T8908] exFAT-fs (loop2): error, data size is invalid(9000) [ 231.689512][ T8908] exFAT-fs (loop2): Filesystem has been set read-only [ 231.705257][ T8912] loop4: detected capacity change from 0 to 256 [pid 5832] openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8914] set_robust_list(0x7f300ac489a0, 24 [pid 8913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 8914] <... set_robust_list resumed>) = 0 [pid 8913] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(3, [pid 5832] newfstatat(3, "", [pid 8914] rt_sigprocmask(SIG_SETMASK, [], [pid 8913] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8914] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8914] memfd_create("syzkaller", 0 [pid 8913] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8912] <... ioctl resumed>) = 0 [pid 8910] <... mount resumed>) = 0 [pid 5833] close(3 [pid 5832] getdents64(3, [pid 8914] <... memfd_create resumed>) = 3 [pid 8914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8912] close(3 [pid 5833] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8914] <... mmap resumed>) = 0x7f3002800000 [pid 8912] <... close resumed>) = 0 [pid 8910] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] rmdir("./268" [pid 5832] umount2("./261/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8914] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8912] close(4) = 0 [pid 8910] <... openat resumed>) = 3 [pid 8912] mkdir("./file1", 0777 [pid 8910] chdir("./file1" [pid 8912] <... mkdir resumed>) = 0 [pid 8910] <... chdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 8912] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8910] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... rmdir resumed>) = 0 [pid 8914] <... write resumed>) = 131072 [pid 8910] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] mkdir("./269", 0777 [pid 5832] umount2("./261/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8910] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... mkdir resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./261/file1", [pid 8910] <... futex resumed>) = 1 [pid 8909] <... futex resumed>) = 0 [pid 8914] munmap(0x7f3002800000, 138412032 [pid 8910] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8909] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8914] <... munmap resumed>) = 0 [pid 8910] <... openat resumed>) = 4 [pid 8909] <... futex resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] umount2("./261/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 231.723845][ T8910] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8910] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8909] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8914] ioctl(4, LOOP_SET_FD, 3 [pid 8909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5832] openat(AT_FDCWD, "./261/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8910] <... futex resumed>) = 0 [pid 8909] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] <... openat resumed>) = 4 [pid 8910] mkdir("./file2", 0777 [pid 8909] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8914] <... ioctl resumed>) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8914] close(3 [pid 5833] close(3 [pid 5832] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8914] <... close resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5832] getdents64(4, [pid 8914] close(4 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8915 attached [pid 8914] <... close resumed>) = 0 [pid 5832] close(4 [pid 8915] set_robust_list(0x55556b85b6a0, 24 [pid 5832] <... close resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8915 [pid 8915] <... set_robust_list resumed>) = 0 [pid 8914] mkdir("./file1", 0777 [pid 8915] chdir("./269" [pid 8914] <... mkdir resumed>) = 0 [ 231.780928][ T8914] loop0: detected capacity change from 0 to 256 [ 231.791119][ T8910] exFAT-fs (loop1): error, data size is invalid(9000) [ 231.801724][ T8912] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8915] <... chdir resumed>) = 0 [pid 8914] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5832] rmdir("./261/file1" [pid 8915] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8910] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8915] <... prctl resumed>) = 0 [pid 8910] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8909] <... futex resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 8915] setpgid(0, 0 [pid 5832] umount2("./261/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8915] <... setpgid resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8912] <... mount resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./261/binderfs", [pid 8915] <... openat resumed>) = 3 [pid 8910] +++ killed by SIGSEGV +++ [pid 8909] +++ killed by SIGSEGV +++ [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8915] write(3, "1000", 4 [pid 5832] unlink("./261/binderfs" [pid 8915] <... write resumed>) = 4 [pid 5832] <... unlink resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8909, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8915] close(3 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8915] <... close resumed>) = 0 [pid 5832] getdents64(3, [pid 8915] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8915] write(1, "executing program\n", 18 [pid 5831] <... restart_syscall resumed>) = 0 [pid 8915] <... write resumed>) = 18 [pid 8915] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] umount2("./269", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8912] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 231.828678][ T8910] exFAT-fs (loop1): Filesystem has been set read-only [pid 8915] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8912] chdir("./file1" [pid 5832] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8915] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8915] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] <... close resumed>) = 0 [pid 8915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... openat resumed>) = 3 [pid 8915] <... mmap resumed>) = 0x7f300ac28000 [pid 5831] newfstatat(3, "", [pid 8915] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8915] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8912] <... chdir resumed>) = 0 [pid 8915] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8912] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8912] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8912] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8911] <... futex resumed>) = 0 [pid 8911] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8912] <... futex resumed>) = 0 [pid 8911] <... futex resumed>) = 1 [pid 8912] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8911] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8915] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8916 attached [pid 8912] <... openat resumed>) = 4 [pid 5832] rmdir("./261" [pid 5831] getdents64(3, [pid 8912] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8911] <... futex resumed>) = 0 [pid 8911] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8911] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8912] mkdir("./file2", 0777 [pid 8916] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8915] <... clone3 resumed> => {parent_tid=[8916]}, 88) = 8916 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./269/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8915] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] mkdir("./262", 0777 [pid 8916] <... rseq resumed>) = 0 [pid 8915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 8916] set_robust_list(0x7f300ac489a0, 24 [pid 8915] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] umount2("./269/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8916] <... set_robust_list resumed>) = 0 [ 231.866216][ T8914] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 231.891432][ T8912] exFAT-fs (loop4): error, data size is invalid(9000) [pid 8916] rt_sigprocmask(SIG_SETMASK, [], [pid 8915] <... futex resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 8916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8915] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8916] memfd_create("syzkaller", 0 [pid 8912] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] <... ioctl resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(3 [pid 8914] <... mount resumed>) = 0 [pid 8914] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8914] chdir("./file1") = 0 [pid 8914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8914] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8914] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8912] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8916] <... memfd_create resumed>) = 3 [pid 8913] <... futex resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./269/file1", [pid 8913] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8914] <... futex resumed>) = 0 [pid 8913] <... futex resumed>) = 1 [pid 8911] <... futex resumed>) = ? [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8914] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8913] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8912] +++ killed by SIGSEGV +++ [pid 8911] +++ killed by SIGSEGV +++ [pid 8916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8911, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] umount2("./269/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8917 attached [pid 8916] <... mmap resumed>) = 0x7f3002800000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8914] <... openat resumed>) = 4 [pid 8914] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8914] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8916] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8913] <... futex resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8917 [pid 5831] openat(AT_FDCWD, "./269/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8913] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8917] set_robust_list(0x55556b85b6a0, 24 [pid 8914] <... futex resumed>) = 0 [ 231.910975][ T8912] exFAT-fs (loop4): Filesystem has been set read-only [pid 8913] <... futex resumed>) = 1 [pid 5831] newfstatat(4, "", [pid 8917] <... set_robust_list resumed>) = 0 [pid 8914] mkdir("./file2", 0777 [pid 8917] chdir("./262" [pid 8916] <... write resumed>) = 131072 [pid 8913] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8917] <... chdir resumed>) = 0 [pid 8916] munmap(0x7f3002800000, 138412032 [pid 5831] getdents64(4, [pid 8917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8916] <... munmap resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8917] setpgid(0, 0 [pid 5831] getdents64(4, [pid 8917] <... setpgid resumed>) = 0 [pid 8916] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] umount2("./266", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(4 [pid 8917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8916] <... openat resumed>) = 4 [pid 5834] openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... close resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5831] rmdir("./269/file1" [pid 8917] <... openat resumed>) = 3 [pid 8916] ioctl(4, LOOP_SET_FD, 3 [pid 5834] newfstatat(3, "", [pid 5831] <... rmdir resumed>) = 0 [pid 8917] write(3, "1000", 4 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./269/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8917] <... write resumed>) = 4 [pid 8917] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8917] <... close resumed>) = 0 [pid 5834] getdents64(3, [pid 5831] newfstatat(AT_FDCWD, "./269/binderfs", [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./269/binderfs") = 0 [pid 8914] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8917] symlink("/dev/binderfs", "./binderfs" [pid 5834] umount2("./266/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, executing program [pid 8914] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8917] <... symlink resumed>) = 0 [pid 5831] close(3 [pid 8917] write(1, "executing program\n", 18 [pid 5831] <... close resumed>) = 0 [pid 8917] <... write resumed>) = 18 [pid 8917] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8914] +++ killed by SIGSEGV +++ [pid 8913] <... futex resumed>) = ? [pid 5834] <... umount2 resumed>) = 0 [pid 8917] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5831] rmdir("./269" [pid 8917] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] umount2("./266/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... rmdir resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] mkdir("./270", 0777 [pid 8917] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8913] +++ killed by SIGSEGV +++ [pid 5834] newfstatat(AT_FDCWD, "./266/file1", [pid 5831] <... mkdir resumed>) = 0 [pid 8917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8913, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8917] <... mmap resumed>) = 0x7f300ac28000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] umount2("./266/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 8917] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5834] openat(AT_FDCWD, "./266/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... ioctl resumed>) = 0 [pid 8917] <... mprotect resumed>) = 0 [pid 8916] <... ioctl resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 5831] close(3 [pid 5830] umount2("./265", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8917] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8916] close(3 [ 231.954705][ T8914] exFAT-fs (loop0): error, data size is invalid(9000) [ 231.966334][ T8914] exFAT-fs (loop0): Filesystem has been set read-only [ 231.977731][ T8916] loop3: detected capacity change from 0 to 256 [pid 5834] newfstatat(4, "", [pid 5831] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8917] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8916] <... close resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8917] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8916] close(4 [pid 5830] <... openat resumed>) = 3 [pid 8916] <... close resumed>) = 0 ./strace-static-x86_64: Process 8918 attached [pid 5834] getdents64(4, [pid 8916] mkdir("./file1", 0777 [pid 5830] newfstatat(3, "", [pid 8918] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8917] <... clone3 resumed> => {parent_tid=[8918]}, 88) = 8918 [pid 8918] <... rseq resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8917] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] getdents64(3, [pid 8918] set_robust_list(0x7f300ac489a0, 24 [pid 8917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8918] <... set_robust_list resumed>) = 0 [pid 8917] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8918] rt_sigprocmask(SIG_SETMASK, [], [pid 8917] <... futex resumed>) = 0 [pid 8916] <... mkdir resumed>) = 0 [pid 8918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8917] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] umount2("./265/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8916] mount("/dev/loop3", "./file1", "exfat", 0, ""./strace-static-x86_64: Process 8919 attached [pid 5834] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8919 [pid 5834] close(4) = 0 [pid 5834] rmdir("./266/file1" [pid 8919] set_robust_list(0x55556b85b6a0, 24 [pid 8918] memfd_create("syzkaller", 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 8919] <... set_robust_list resumed>) = 0 [pid 5834] umount2("./266/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8919] chdir("./270" [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8919] <... chdir resumed>) = 0 [pid 5834] newfstatat(AT_FDCWD, "./266/binderfs", [pid 8919] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./266/binderfs") = 0 [pid 5834] getdents64(3, [pid 5830] umount2("./265/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] close(3) = 0 [pid 5834] rmdir("./266") = 0 [pid 5834] mkdir("./267", 0777) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8919] <... prctl resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8919] setpgid(0, 0 [pid 8918] <... memfd_create resumed>) = 3 [pid 5834] <... openat resumed>) = 3 [pid 5830] newfstatat(AT_FDCWD, "./265/file1", [pid 8919] <... setpgid resumed>) = 0 [pid 8918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8918] <... mmap resumed>) = 0x7f3002800000 [pid 5830] umount2("./265/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8919] <... openat resumed>) = 3 [pid 5834] <... ioctl resumed>) = 0 [pid 5834] close(3) = 0 [pid 8918] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8919] write(3, "1000", 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8920 attached [pid 8919] <... write resumed>) = 4 [pid 5830] openat(AT_FDCWD, "./265/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8919] close(3 [pid 8920] set_robust_list(0x55556b85b6a0, 24 [pid 8919] <... close resumed>) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8920 [pid 5830] <... openat resumed>) = 4 [pid 8920] <... set_robust_list resumed>) = 0 [pid 8919] symlink("/dev/binderfs", "./binderfs" [pid 8920] chdir("./267") = 0 [pid 8920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8920] setpgid(0, 0) = 0 [pid 8920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8920] write(3, "1000", 4 [pid 8919] <... symlink resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 8920] <... write resumed>) = 4 [pid 8920] close(3 [pid 8918] <... write resumed>) = 131072 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8920] <... close resumed>) = 0 [pid 8920] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8920] write(1, "executing program\n", 18) = 18 [pid 8920] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8920] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8920] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8920] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8919] write(1, "executing program\n", 18 [pid 5830] getdents64(4, [pid 8920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8921 attached [pid 8921] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8921] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8921] rt_sigprocmask(SIG_SETMASK, [], executing program [pid 8920] <... clone3 resumed> => {parent_tid=[8921]}, 88) = 8921 [pid 8921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8920] rt_sigprocmask(SIG_SETMASK, [], [pid 8919] <... write resumed>) = 18 [pid 8918] munmap(0x7f3002800000, 138412032 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8921] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8919] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8920] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8918] <... munmap resumed>) = 0 [pid 8921] <... futex resumed>) = 0 [pid 8920] <... futex resumed>) = 1 [pid 8919] <... futex resumed>) = 0 [pid 8918] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] getdents64(4, [pid 8919] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8921] memfd_create("syzkaller", 0 [pid 8920] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8921] <... memfd_create resumed>) = 3 [pid 8919] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8918] <... openat resumed>) = 4 [pid 5830] close(4 [pid 8921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8919] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8921] <... mmap resumed>) = 0x7f3002800000 [pid 8919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8918] ioctl(4, LOOP_SET_FD, 3 [pid 8916] <... mount resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8921] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [ 232.064689][ T8916] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8921] <... write resumed>) = 131072 [pid 8919] <... mmap resumed>) = 0x7f300ac28000 [pid 8918] <... ioctl resumed>) = 0 [pid 8916] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] rmdir("./265/file1" [pid 8916] <... openat resumed>) = 3 [pid 8921] munmap(0x7f3002800000, 138412032 [pid 8919] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8918] close(3 [pid 8916] chdir("./file1" [pid 5830] <... rmdir resumed>) = 0 [pid 8919] <... mprotect resumed>) = 0 [pid 8918] <... close resumed>) = 0 [pid 8916] <... chdir resumed>) = 0 [pid 5830] umount2("./265/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8921] <... munmap resumed>) = 0 [pid 8919] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8918] close(4 [pid 8916] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8921] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8919] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8918] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8916] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8921] <... openat resumed>) = 4 [pid 8919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8918] mkdir("./file1", 0777 [pid 8916] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] newfstatat(AT_FDCWD, "./265/binderfs", ./strace-static-x86_64: Process 8922 attached [pid 8921] ioctl(4, LOOP_SET_FD, 3 [pid 8918] <... mkdir resumed>) = 0 [pid 8916] <... futex resumed>) = 1 [pid 8915] <... futex resumed>) = 0 [pid 8922] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8922] <... rseq resumed>) = 0 [pid 5830] unlink("./265/binderfs" [pid 8916] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8915] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8918] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8922] set_robust_list(0x7f300ac489a0, 24 [pid 8919] <... clone3 resumed> => {parent_tid=[8922]}, 88) = 8922 [pid 8916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8915] <... futex resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 8915] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8919] rt_sigprocmask(SIG_SETMASK, [], [pid 8916] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5830] getdents64(3, [pid 8922] <... set_robust_list resumed>) = 0 [pid 8922] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8922] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] close(3) = 0 [pid 8921] <... ioctl resumed>) = 0 [pid 8922] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8916] <... openat resumed>) = 4 [ 232.111228][ T8918] loop2: detected capacity change from 0 to 256 [ 232.136090][ T8921] loop4: detected capacity change from 0 to 256 [pid 5830] rmdir("./265" [pid 8921] close(3 [pid 8919] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8916] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8922] <... futex resumed>) = 0 [pid 8919] <... futex resumed>) = 1 [pid 8916] <... futex resumed>) = 1 [pid 8915] <... futex resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8922] memfd_create("syzkaller", 0 [pid 8921] <... close resumed>) = 0 [pid 8919] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8916] mkdir("./file2", 0777 [pid 8915] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] mkdir("./266", 0777 [pid 8921] close(4) = 0 [pid 8921] mkdir("./file1", 0777) = 0 [pid 8921] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8918] <... mount resumed>) = 0 [pid 8922] <... memfd_create resumed>) = 3 [pid 8915] <... futex resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 8922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8918] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8916] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8915] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8922] <... mmap resumed>) = 0x7f3002800000 [pid 8918] <... openat resumed>) = 3 [pid 8916] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8918] chdir("./file1" [pid 8922] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8918] <... chdir resumed>) = 0 [pid 8915] <... futex resumed>) = ? [pid 5830] <... openat resumed>) = 3 [pid 8918] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8922] <... write resumed>) = 131072 [pid 8918] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 232.163533][ T8918] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 232.179994][ T8916] exFAT-fs (loop3): error, data size is invalid(9000) [ 232.187896][ T8916] exFAT-fs (loop3): Filesystem has been set read-only [pid 8922] munmap(0x7f3002800000, 138412032 [pid 8918] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8922] <... munmap resumed>) = 0 [pid 8916] +++ killed by SIGSEGV +++ [pid 8915] +++ killed by SIGSEGV +++ [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8918] <... futex resumed>) = 1 [pid 8917] <... futex resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8915, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8917] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8917] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] umount2("./269", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8918] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", [pid 8922] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, [pid 5830] <... ioctl resumed>) = 0 [pid 8922] <... openat resumed>) = 4 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8922] ioctl(4, LOOP_SET_FD, 3 [pid 5833] umount2("./269/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(3 [pid 8918] <... openat resumed>) = 4 [pid 8918] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8917] <... futex resumed>) = 0 [pid 8918] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8917] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8917] <... futex resumed>) = 0 [pid 8917] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8918] mkdir("./file2", 0777 [pid 8922] <... ioctl resumed>) = 0 [pid 8921] <... mount resumed>) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5833] umount2("./269/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./269/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./269/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./269/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8921] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] getdents64(4, [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8922] close(3) = 0 [pid 8921] <... openat resumed>) = 3 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] close(4 [pid 8922] close(4 [pid 8921] chdir("./file1" [pid 8922] <... close resumed>) = 0 [pid 8921] <... chdir resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8923 [pid 8922] mkdir("./file1", 0777 [pid 8921] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] rmdir("./269/file1" [pid 8922] <... mkdir resumed>) = 0 [pid 8921] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... rmdir resumed>) = 0 [pid 8922] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8921] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] umount2("./269/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8923 attached [pid 8921] <... futex resumed>) = 1 [pid 8921] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./269/binderfs") = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 8920] <... futex resumed>) = 0 [pid 5833] rmdir("./269" [pid 8920] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8918] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] <... rmdir resumed>) = 0 [pid 8923] set_robust_list(0x55556b85b6a0, 24 [pid 8921] <... futex resumed>) = 0 [pid 8920] <... futex resumed>) = 1 [pid 8918] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8923] <... set_robust_list resumed>) = 0 [pid 8921] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8920] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] mkdir("./270", 0777 [pid 8923] chdir("./266" [pid 8917] <... futex resumed>) = ? [pid 5833] <... mkdir resumed>) = 0 [ 232.212196][ T8921] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 232.225507][ T8922] loop1: detected capacity change from 0 to 256 [ 232.231413][ T8918] exFAT-fs (loop2): error, data size is invalid(9000) [ 232.245469][ T8918] exFAT-fs (loop2): Filesystem has been set read-only [pid 8923] <... chdir resumed>) = 0 [pid 8921] <... openat resumed>) = 4 [pid 8923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8921] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 8921] <... futex resumed>) = 1 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8923] setpgid(0, 0) = 0 [pid 8923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8923] write(3, "1000", 4) = 4 [pid 8923] close(3) = 0 [pid 8923] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 8923] write(1, "executing program\n", 18) = 18 [pid 8923] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8923] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 8921] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8923] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8923] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8920] <... futex resumed>) = 0 [pid 5833] close(3 [pid 8923] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... close resumed>) = 0 [pid 8920] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8921] <... futex resumed>) = 0 [pid 8920] <... futex resumed>) = 1 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8921] mkdir("./file2", 0777 [pid 8920] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8924 attached [pid 8923] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8925 attached [pid 8924] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8923] <... clone3 resumed> => {parent_tid=[8925]}, 88) = 8925 [pid 8924] chdir("./270" [pid 8923] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8924] <... chdir resumed>) = 0 [pid 8923] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8925] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8924] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8923] <... futex resumed>) = 0 [pid 8924] <... prctl resumed>) = 0 [pid 8923] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8924] setpgid(0, 0 [pid 8925] <... rseq resumed>) = 0 [pid 8924] <... setpgid resumed>) = 0 [pid 8925] set_robust_list(0x7f300ac489a0, 24 [pid 8924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8925] <... set_robust_list resumed>) = 0 [pid 8924] <... openat resumed>) = 3 [pid 8925] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8924 [pid 8925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8925] memfd_create("syzkaller", 0) = 3 [pid 8925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8925] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8924] write(3, "1000", 4) = 4 [pid 8918] +++ killed by SIGSEGV +++ [pid 8917] +++ killed by SIGSEGV +++ [pid 8924] close(3) = 0 executing program [pid 8924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8917, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8925] <... write resumed>) = 131072 [pid 5832] umount2("./262", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8924] write(1, "executing program\n", 18 [pid 5832] umount2("./262/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8924] <... write resumed>) = 18 [pid 8925] munmap(0x7f3002800000, 138412032 [pid 8924] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8925] <... munmap resumed>) = 0 [pid 8924] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8924] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8925] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8924] <... mmap resumed>) = 0x7f300ac28000 [pid 8925] <... openat resumed>) = 4 [pid 8924] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8925] ioctl(4, LOOP_SET_FD, 3 [pid 8924] <... mprotect resumed>) = 0 [ 232.276572][ T8922] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 232.303945][ T8921] exFAT-fs (loop4): error, data size is invalid(9000) [ 232.311938][ T8921] exFAT-fs (loop4): Filesystem has been set read-only [pid 8924] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8922] <... mount resumed>) = 0 [pid 8921] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./262/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8922] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8922] <... openat resumed>) = 3 [pid 5832] newfstatat(AT_FDCWD, "./262/file1", [pid 8922] chdir("./file1" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./262/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8922] <... chdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./262/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", [pid 8922] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./262/file1" [pid 8922] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8921] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8922] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8920] <... futex resumed>) = ? [pid 5832] <... rmdir resumed>) = 0 [pid 5832] umount2("./262/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8922] <... futex resumed>) = 1 [pid 8919] <... futex resumed>) = 0 [pid 8924] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] newfstatat(AT_FDCWD, "./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8924] <... clone3 resumed> => {parent_tid=[8926]}, 88) = 8926 [pid 5832] unlink("./262/binderfs"./strace-static-x86_64: Process 8926 attached [pid 8924] rt_sigprocmask(SIG_SETMASK, [], [pid 8922] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8921] +++ killed by SIGSEGV +++ [pid 8920] +++ killed by SIGSEGV +++ [pid 8919] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... unlink resumed>) = 0 [pid 8926] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8924] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] getdents64(3, [pid 8926] <... rseq resumed>) = 0 [pid 8924] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8919] <... futex resumed>) = 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8920, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8926] set_robust_list(0x7f300ac489a0, 24 [pid 8924] <... futex resumed>) = 0 [pid 8919] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8926] <... set_robust_list resumed>) = 0 [pid 8924] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] close(3 [pid 8926] rt_sigprocmask(SIG_SETMASK, [], [pid 8922] <... openat resumed>) = 4 [pid 5832] <... close resumed>) = 0 [pid 8926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8922] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... restart_syscall resumed>) = 0 [pid 5832] rmdir("./262" [pid 8926] memfd_create("syzkaller", 0 [pid 8922] <... futex resumed>) = 1 [pid 8919] <... futex resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 8926] <... memfd_create resumed>) = 3 [pid 8922] mkdir("./file2", 0777 [pid 8919] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8919] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] mkdir("./263", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8925] <... ioctl resumed>) = 0 [pid 5834] umount2("./267", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 3 [pid 8926] <... mmap resumed>) = 0x7f3002800000 [pid 8925] close(3 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8925] <... close resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... ioctl resumed>) = 0 [pid 8925] close(4 [pid 5834] <... openat resumed>) = 3 [pid 5832] close(3 [pid 5834] newfstatat(3, "", [pid 5832] <... close resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5834] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] umount2("./267/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8927 ./strace-static-x86_64: Process 8927 attached [pid 8926] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8925] <... close resumed>) = 0 [pid 8925] mkdir("./file1", 0777) = 0 [pid 8925] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8927] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8927] chdir("./263") = 0 [pid 8927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8927] setpgid(0, 0) = 0 [pid 8927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8927] write(3, "1000", 4) = 4 [pid 8927] close(3) = 0 [pid 8927] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8927] write(1, "executing program\n", 18) = 18 [pid 8927] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8927] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 5834] <... umount2 resumed>) = 0 [pid 5834] umount2("./267/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8926] <... write resumed>) = 131072 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8927] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5834] newfstatat(AT_FDCWD, "./267/file1", [pid 8927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8927] <... mmap resumed>) = 0x7f300ac28000 [pid 5834] umount2("./267/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8927] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 232.336971][ T8925] loop0: detected capacity change from 0 to 256 [ 232.374937][ T8922] exFAT-fs (loop1): error, data size is invalid(9000) [pid 8927] <... mprotect resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./267/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8927] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... openat resumed>) = 4 [pid 8927] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] newfstatat(4, "", [pid 8927] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8928 attached [pid 5834] getdents64(4, [pid 8927] <... clone3 resumed> => {parent_tid=[8928]}, 88) = 8928 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] getdents64(4, [pid 8927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8927] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8927] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] close(4 [pid 8919] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8928] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8919] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8928] set_robust_list(0x7f300ac489a0, 24 [pid 8926] munmap(0x7f3002800000, 138412032 [pid 8928] <... set_robust_list resumed>) = 0 [pid 8919] <... futex resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 8928] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] rmdir("./267/file1" [pid 8926] <... munmap resumed>) = 0 [pid 8919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 8928] memfd_create("syzkaller", 0 [pid 5834] umount2("./267/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8928] <... memfd_create resumed>) = 3 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] newfstatat(AT_FDCWD, "./267/binderfs", [pid 8928] <... mmap resumed>) = 0x7f3002800000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8928] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] unlink("./267/binderfs") = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] close(3) = 0 [pid 5834] rmdir("./267" [pid 8928] <... write resumed>) = 131072 [pid 5834] <... rmdir resumed>) = 0 [pid 5834] mkdir("./268", 0777 [pid 8922] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5834] <... mkdir resumed>) = 0 [pid 8928] munmap(0x7f3002800000, 138412032 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8928] <... munmap resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 8928] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8928] <... openat resumed>) = 4 [pid 5834] <... ioctl resumed>) = 0 [ 232.413353][ T8922] exFAT-fs (loop1): Filesystem has been set read-only [ 232.425705][ T8925] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8928] ioctl(4, LOOP_SET_FD, 3 [pid 5834] close(3 [pid 8926] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8922] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8919] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... close resumed>) = 0 [pid 8928] <... ioctl resumed>) = 0 [pid 8926] <... openat resumed>) = 4 [pid 8925] <... mount resumed>) = 0 [pid 8919] <... mprotect resumed>) = ? [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8929 attached [pid 8926] ioctl(4, LOOP_SET_FD, 3 [pid 8925] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8929 [pid 8929] set_robust_list(0x55556b85b6a0, 24 [pid 8925] chdir("./file1" [pid 8929] <... set_robust_list resumed>) = 0 [pid 8928] close(3 [pid 8925] <... chdir resumed>) = 0 [pid 8929] chdir("./268" [pid 8928] <... close resumed>) = 0 [pid 8925] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8929] <... chdir resumed>) = 0 [pid 8928] close(4 [pid 8925] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8929] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8928] <... close resumed>) = 0 [pid 8925] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8929] <... prctl resumed>) = 0 [pid 8928] mkdir("./file1", 0777 [pid 8925] <... futex resumed>) = 1 [pid 8923] <... futex resumed>) = 0 [pid 8922] +++ killed by SIGSEGV +++ [pid 8919] +++ killed by SIGSEGV +++ [pid 8929] setpgid(0, 0 [pid 8928] <... mkdir resumed>) = 0 [pid 8925] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8923] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8919, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 8929] <... setpgid resumed>) = 0 [pid 8925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8923] <... futex resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8925] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8923] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... restart_syscall resumed>) = 0 [pid 8929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8925] <... openat resumed>) = 4 [pid 8929] <... openat resumed>) = 3 [pid 8928] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8925] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8929] write(3, "1000", 4 [pid 8925] <... futex resumed>) = 1 [pid 8923] <... futex resumed>) = 0 [pid 8926] <... ioctl resumed>) = 0 [pid 5831] umount2("./270", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8929] <... write resumed>) = 4 [pid 8925] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8923] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8929] close(3 [pid 8926] close(3 [pid 8925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8923] <... futex resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8929] <... close resumed>) = 0 [ 232.456285][ T8928] loop2: detected capacity change from 0 to 256 [ 232.477664][ T8926] loop3: detected capacity change from 0 to 256 [pid 8926] <... close resumed>) = 0 [pid 8925] mkdir("./file2", 0777 [pid 8923] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... openat resumed>) = 3 [pid 8929] symlink("/dev/binderfs", "./binderfs" [pid 8926] close(4 [pid 5831] newfstatat(3, "", [pid 8926] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 8926] mkdir("./file1", 0777executing program [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8929] <... symlink resumed>) = 0 [pid 8926] <... mkdir resumed>) = 0 [pid 8929] write(1, "executing program\n", 18 [pid 8926] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5831] umount2("./270/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8929] <... write resumed>) = 18 [pid 5831] <... umount2 resumed>) = 0 [pid 8929] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] umount2("./270/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8929] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8929] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5831] newfstatat(AT_FDCWD, "./270/file1", [pid 8929] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] umount2("./270/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8929] <... mmap resumed>) = 0x7f300ac28000 [pid 5831] openat(AT_FDCWD, "./270/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8929] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5831] <... openat resumed>) = 4 [pid 8929] <... mprotect resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 8929] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8929] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] getdents64(4, [pid 8929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 8930 attached [pid 5831] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./270/file1" [pid 8929] <... clone3 resumed> => {parent_tid=[8930]}, 88) = 8930 [pid 5831] <... rmdir resumed>) = 0 [pid 8929] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] umount2("./270/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8930] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8929] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] newfstatat(AT_FDCWD, "./270/binderfs", [pid 8930] <... rseq resumed>) = 0 [pid 8929] <... futex resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8930] set_robust_list(0x7f300ac489a0, 24 [pid 8929] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] unlink("./270/binderfs" [pid 8930] <... set_robust_list resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [ 232.511619][ T8925] exFAT-fs (loop0): error, data size is invalid(9000) [ 232.542150][ T8928] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8930] rt_sigprocmask(SIG_SETMASK, [], [pid 8923] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 8923] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] rmdir("./270" [pid 8923] <... futex resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 8923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8923] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5831] mkdir("./271", 0777) = 0 [pid 8930] memfd_create("syzkaller", 0 [pid 8923] <... mprotect resumed>) = 0 [pid 8930] <... memfd_create resumed>) = 3 [pid 8923] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8923] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8930] <... mmap resumed>) = 0x7f3002800000 [pid 8923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 8930] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 8923] <... clone3 resumed> => {parent_tid=[8931]}, 88) = 8931 [pid 5831] close(3 [pid 8923] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 8931 attached [pid 8923] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8930] <... write resumed>) = 131072 [pid 8923] <... futex resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8931] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8923] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8931] <... rseq resumed>) = 0 [pid 8931] set_robust_list(0x7f300ac279a0, 24) = 0 [pid 8931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8931] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8930] munmap(0x7f3002800000, 138412032 [pid 8931] <... ioctl resumed>) = 0 [pid 8930] <... munmap resumed>) = 0 [pid 8928] <... mount resumed>) = 0 [pid 8925] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8931] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8930] openat(AT_FDCWD, "/dev/loop4", O_RDWR [ 232.558081][ T8925] exFAT-fs (loop0): Filesystem has been set read-only [pid 8928] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8925] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8932 ./strace-static-x86_64: Process 8932 attached [pid 8931] <... futex resumed>) = ? [pid 8930] <... openat resumed>) = 4 [pid 8928] <... openat resumed>) = 3 [pid 8923] <... futex resumed>) = ? [pid 8931] +++ killed by SIGSEGV +++ [pid 8930] ioctl(4, LOOP_SET_FD, 3 [pid 8928] chdir("./file1" [pid 8925] +++ killed by SIGSEGV +++ [pid 8923] +++ killed by SIGSEGV +++ [pid 8928] <... chdir resumed>) = 0 [pid 8928] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8923, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8928] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8928] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8927] <... futex resumed>) = 0 [pid 8928] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8927] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8927] <... futex resumed>) = 0 [pid 8928] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8927] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8928] <... openat resumed>) = 4 [pid 8932] set_robust_list(0x55556b85b6a0, 24 [pid 8928] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... restart_syscall resumed>) = 0 [pid 8932] <... set_robust_list resumed>) = 0 [pid 8928] <... futex resumed>) = 1 [pid 8927] <... futex resumed>) = 0 [pid 8928] mkdir("./file2", 0777 [pid 8927] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8932] chdir("./271" [pid 5830] umount2("./266", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8932] <... chdir resumed>) = 0 [pid 8927] <... futex resumed>) = 0 [pid 8926] <... mount resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8927] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8926] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8932] setpgid(0, 0) = 0 [pid 8926] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 8932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8926] chdir("./file1" [pid 5830] newfstatat(3, "", [pid 8932] <... openat resumed>) = 3 [pid 8926] <... chdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 8932] write(3, "1000", 4 [pid 8926] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8932] <... write resumed>) = 4 [pid 8926] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] umount2("./266/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8932] close(3 [pid 8926] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8932] <... close resumed>) = 0 [pid 8926] <... futex resumed>) = 1 [pid 8924] <... futex resumed>) = 0 [pid 8926] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8924] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8930] <... ioctl resumed>) = 0 [pid 8924] <... futex resumed>) = 0 [pid 8930] close(3 [ 232.608499][ T8926] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 232.628476][ T8928] exFAT-fs (loop2): error, data size is invalid(9000) [ 232.635840][ T8930] loop4: detected capacity change from 0 to 256 [pid 8924] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 8932] symlink("/dev/binderfs", "./binderfs" [pid 8930] <... close resumed>) = 0 [pid 8926] <... openat resumed>) = 4 [pid 8930] close(4 [pid 8932] <... symlink resumed>) = 0 [pid 8930] <... close resumed>) = 0 [pid 8926] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8932] write(1, "executing program\n", 18 [pid 8926] <... futex resumed>) = 1 [pid 8924] <... futex resumed>) = 0 [pid 8926] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8932] <... write resumed>) = 18 [pid 8926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8924] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8932] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8924] <... futex resumed>) = 0 [pid 8932] <... futex resumed>) = 0 [pid 8926] mkdir("./file2", 0777 [pid 8924] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8932] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8930] mkdir("./file1", 0777) = 0 [pid 8930] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8932] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8932] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 8932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8927] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5830] umount2("./266/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8932] <... mmap resumed>) = 0x7f300ac28000 [pid 8927] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8927] <... futex resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./266/file1", [pid 8932] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8932] <... mprotect resumed>) = 0 [pid 8932] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8927] <... mmap resumed>) = 0x7f300ac07000 [pid 5830] umount2("./266/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8927] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8932] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8927] <... mprotect resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./266/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8927] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] <... openat resumed>) = 4 ./strace-static-x86_64: Process 8933 attached [pid 8932] <... clone3 resumed> => {parent_tid=[8933]}, 88) = 8933 [pid 8927] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] newfstatat(4, "", [pid 8933] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8932] rt_sigprocmask(SIG_SETMASK, [], [pid 8933] <... rseq resumed>) = 0 [pid 8932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8927] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8933] set_robust_list(0x7f300ac489a0, 24 [pid 8932] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8933] <... set_robust_list resumed>) = 0 [pid 8932] <... futex resumed>) = 0 [pid 5830] getdents64(4, [pid 8933] rt_sigprocmask(SIG_SETMASK, [], [pid 8932] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8926] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8933] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 8934 attached [pid 8927] <... clone3 resumed> => {parent_tid=[8934]}, 88) = 8934 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8934] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8933] memfd_create("syzkaller", 0 [pid 8927] rt_sigprocmask(SIG_SETMASK, [], [pid 8926] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5830] getdents64(4, [pid 8934] <... rseq resumed>) = 0 [pid 8933] <... memfd_create resumed>) = 3 [pid 8927] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8924] <... futex resumed>) = ? [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8934] set_robust_list(0x7f300ac279a0, 24 [pid 8927] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] close(4 [pid 8934] <... set_robust_list resumed>) = 0 [pid 8933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8927] <... futex resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8934] rt_sigprocmask(SIG_SETMASK, [], [pid 8927] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] rmdir("./266/file1" [pid 8934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8934] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5830] umount2("./266/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./266/binderfs", [pid 8934] <... ioctl resumed>) = 0 [pid 8933] <... mmap resumed>) = 0x7f3002800000 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8934] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] unlink("./266/binderfs" [pid 8934] <... futex resumed>) = 1 [ 232.679991][ T8926] exFAT-fs (loop3): error, data size is invalid(9000) [ 232.681046][ T8928] exFAT-fs (loop2): Filesystem has been set read-only [ 232.686786][ T8926] exFAT-fs (loop3): Filesystem has been set read-only [pid 8927] <... futex resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 8934] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 8928] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5830] rmdir("./266" [pid 8928] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5830] <... rmdir resumed>) = 0 [pid 8934] <... futex resumed>) = ? [pid 5830] mkdir("./267", 0777 [pid 8934] +++ killed by SIGSEGV +++ [pid 8933] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8926] +++ killed by SIGSEGV +++ [pid 8924] +++ killed by SIGSEGV +++ [pid 5830] <... mkdir resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8924, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8933] <... write resumed>) = 131072 [pid 8928] +++ killed by SIGSEGV +++ [pid 8927] +++ killed by SIGSEGV +++ [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] <... restart_syscall resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8927, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8933] munmap(0x7f3002800000, 138412032) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5833] umount2("./270", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./263", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... ioctl resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... openat resumed>) = 3 [pid 5830] close(3 [pid 5833] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", [pid 5830] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./263/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8935 ./strace-static-x86_64: Process 8935 attached [pid 8933] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] newfstatat(3, "", [pid 5832] <... umount2 resumed>) = 0 [pid 8935] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8933] <... openat resumed>) = 4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./263/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8935] chdir("./267" [pid 8933] ioctl(4, LOOP_SET_FD, 3 [pid 5833] getdents64(3, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8935] <... chdir resumed>) = 0 [ 232.754736][ T8930] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8935] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] newfstatat(AT_FDCWD, "./263/file1", [pid 5833] umount2("./270/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8935] <... prctl resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./263/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./263/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8935] setpgid(0, 0 [pid 5832] getdents64(4, [pid 8935] <... setpgid resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./263/file1") = 0 [pid 5832] umount2("./263/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./263/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./263/binderfs") = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./263" [pid 8935] <... openat resumed>) = 3 [pid 8933] <... ioctl resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 8935] write(3, "1000", 4 [pid 8933] close(3 [pid 5832] mkdir("./264", 0777 [pid 8935] <... write resumed>) = 4 [pid 8933] <... close resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 8930] <... mount resumed>) = 0 [pid 8930] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8933] close(4 [pid 8935] close(3 [pid 8930] <... openat resumed>) = 3 [pid 8935] <... close resumed>) = 0 [pid 8933] <... close resumed>) = 0 [pid 8930] chdir("./file1") = 0 [pid 8935] symlink("/dev/binderfs", "./binderfs" [pid 8933] mkdir("./file1", 0777 [pid 8930] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8930] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 8933] <... mkdir resumed>) = 0 [pid 8930] <... futex resumed>) = 1 [pid 8929] <... futex resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8930] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8929] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8935] <... symlink resumed>) = 0 [pid 8933] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8929] <... futex resumed>) = 0 [pid 5833] umount2("./270/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... ioctl resumed>) = 0 executing program [pid 8929] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] close(3 [pid 8935] write(1, "executing program\n", 18 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8935] <... write resumed>) = 18 [pid 8930] <... openat resumed>) = 4 [pid 5833] newfstatat(AT_FDCWD, "./270/file1", [pid 5832] <... close resumed>) = 0 [pid 8935] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8930] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8935] <... futex resumed>) = 0 [pid 8930] <... futex resumed>) = 1 [pid 8929] <... futex resumed>) = 0 [pid 5833] umount2("./270/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8936 attached [ 232.798256][ T8933] loop1: detected capacity change from 0 to 256 [pid 8935] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8930] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8929] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8930] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8936 [pid 8930] mkdir("./file2", 0777 [pid 8929] <... futex resumed>) = 0 [pid 8936] set_robust_list(0x55556b85b6a0, 24 [pid 8935] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8929] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8936] <... set_robust_list resumed>) = 0 [pid 8935] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8936] chdir("./264" [pid 8935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] openat(AT_FDCWD, "./270/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8936] <... chdir resumed>) = 0 [pid 8935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] <... openat resumed>) = 4 [pid 8936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8935] <... mmap resumed>) = 0x7f300ac28000 [pid 5833] newfstatat(4, "", [pid 8936] setpgid(0, 0 [pid 8935] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8936] <... setpgid resumed>) = 0 [pid 8935] <... mprotect resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8935] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] getdents64(4, [pid 8936] <... openat resumed>) = 3 [pid 8935] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8936] write(3, "1000", 4 [pid 8935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5833] getdents64(4, [pid 8936] <... write resumed>) = 4 ./strace-static-x86_64: Process 8937 attached [pid 8936] close(3 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8937] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8936] <... close resumed>) = 0 [pid 8935] <... clone3 resumed> => {parent_tid=[8937]}, 88) = 8937 [pid 5833] close(4 [pid 8937] <... rseq resumed>) = 0 [pid 8936] symlink("/dev/binderfs", "./binderfs" [pid 8935] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... close resumed>) = 0 [pid 8937] set_robust_list(0x7f300ac489a0, 24 [pid 5833] rmdir("./270/file1" [pid 8937] <... set_robust_list resumed>) = 0 [pid 8936] <... symlink resumed>) = 0 [pid 8935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5833] umount2("./270/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8935] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8933] <... mount resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./270/binderfs", [pid 8935] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 8937] rt_sigprocmask(SIG_SETMASK, [], [pid 8936] write(1, "executing program\n", 18 [pid 8933] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8936] <... write resumed>) = 18 [pid 8933] <... openat resumed>) = 3 [pid 5833] unlink("./270/binderfs" [pid 8936] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8937] memfd_create("syzkaller", 0 [pid 8936] <... futex resumed>) = 0 [pid 8933] chdir("./file1" [pid 5833] <... unlink resumed>) = 0 [pid 8937] <... memfd_create resumed>) = 3 [pid 8936] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8933] <... chdir resumed>) = 0 [pid 5833] getdents64(3, [pid 8936] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8936] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] close(3 [pid 8936] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] <... close resumed>) = 0 [pid 8933] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] rmdir("./270" [pid 8936] <... mmap resumed>) = 0x7f300ac28000 [ 232.843780][ T8933] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 232.849194][ T8930] exFAT-fs (loop4): error, data size is invalid(9000) [pid 8937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8936] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8933] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... rmdir resumed>) = 0 [pid 8937] <... mmap resumed>) = 0x7f3002800000 [pid 8936] <... mprotect resumed>) = 0 [pid 8933] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] mkdir("./271", 0777 [pid 8936] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8933] <... futex resumed>) = 1 [pid 8932] <... futex resumed>) = 0 [pid 8937] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8936] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8933] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8932] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8929] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... mkdir resumed>) = 0 [pid 8937] <... write resumed>) = 131072 [pid 8936] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8933] <... openat resumed>) = 4 [pid 8932] <... futex resumed>) = 0 [pid 8929] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8937] munmap(0x7f3002800000, 138412032 [pid 8932] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8938 attached [pid 8929] <... futex resumed>) = 0 [pid 8937] <... munmap resumed>) = 0 [pid 8938] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8933] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8938] <... rseq resumed>) = 0 [pid 8937] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8936] <... clone3 resumed> => {parent_tid=[8938]}, 88) = 8938 [pid 8933] <... futex resumed>) = 1 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8932] <... futex resumed>) = 0 [pid 8938] set_robust_list(0x7f300ac489a0, 24 [pid 8929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8932] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... openat resumed>) = 3 [pid 8938] <... set_robust_list resumed>) = 0 [pid 8936] rt_sigprocmask(SIG_SETMASK, [], [pid 8938] rt_sigprocmask(SIG_SETMASK, [], [pid 8933] mkdir("./file2", 0777 [pid 8932] <... futex resumed>) = 0 [pid 8929] <... mmap resumed>) = 0x7f300ac07000 [pid 8938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8937] <... openat resumed>) = 4 [pid 8932] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8929] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8939 attached [pid 8939] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8929] <... clone3 resumed> => {parent_tid=[8939]}, 88) = 8939 [pid 8939] <... rseq resumed>) = 0 [pid 8929] rt_sigprocmask(SIG_SETMASK, [], [pid 8938] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8939] set_robust_list(0x7f300ac279a0, 24 [pid 8937] ioctl(4, LOOP_SET_FD, 3 [pid 8929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8939] <... set_robust_list resumed>) = 0 [pid 8929] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8939] rt_sigprocmask(SIG_SETMASK, [], [pid 8929] <... futex resumed>) = 0 [pid 8939] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8929] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8939] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080) = 0 [pid 8939] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8929] <... futex resumed>) = 0 [pid 8939] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8936] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8930] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8930] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8939] <... futex resumed>) = ? [pid 8939] +++ killed by SIGSEGV +++ [pid 8936] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... ioctl resumed>) = 0 [pid 8936] <... futex resumed>) = 1 [pid 5833] close(3 [pid 8938] <... futex resumed>) = 0 [pid 8938] memfd_create("syzkaller", 0 [pid 8936] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... close resumed>) = 0 [pid 8938] <... memfd_create resumed>) = 3 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8930] +++ killed by SIGSEGV +++ [pid 8937] <... ioctl resumed>) = 0 [pid 8929] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 8940 attached [pid 8938] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8937] close(3 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8929, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8940 [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 8940] set_robust_list(0x55556b85b6a0, 24 [pid 8937] <... close resumed>) = 0 [pid 5834] <... restart_syscall resumed>) = 0 [pid 8940] <... set_robust_list resumed>) = 0 [pid 8938] <... write resumed>) = 131072 [pid 8937] close(4 [pid 8933] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8940] chdir("./271" [pid 8938] munmap(0x7f3002800000, 138412032 [pid 8937] <... close resumed>) = 0 [pid 8940] <... chdir resumed>) = 0 [pid 8938] <... munmap resumed>) = 0 [pid 8937] mkdir("./file1", 0777 [pid 8933] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] umount2("./268", MNT_FORCE|UMOUNT_NOFOLLOW [ 232.916193][ T8930] exFAT-fs (loop4): Filesystem has been set read-only [ 232.926229][ T8933] exFAT-fs (loop1): error, data size is invalid(9000) [ 232.936558][ T8937] loop0: detected capacity change from 0 to 256 [ 232.959281][ T8933] exFAT-fs (loop1): Filesystem has been set read-only [pid 8938] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8937] <... mkdir resumed>) = 0 [pid 8932] <... futex resumed>) = ? [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8938] <... openat resumed>) = 4 [pid 5834] openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8938] ioctl(4, LOOP_SET_FD, 3 [pid 5834] <... openat resumed>) = 3 [pid 5834] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8940] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] getdents64(3, [pid 8940] <... prctl resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] umount2("./268/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8940] setpgid(0, 0) = 0 [pid 8937] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8933] +++ killed by SIGSEGV +++ [pid 8932] +++ killed by SIGSEGV +++ [pid 5834] <... umount2 resumed>) = 0 [pid 8940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] umount2("./268/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8932, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5834] newfstatat(AT_FDCWD, "./268/file1", [pid 8940] <... openat resumed>) = 3 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./268/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8940] write(3, "1000", 4 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... restart_syscall resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./268/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] umount2("./271", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8938] <... ioctl resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8938] close(3 [pid 5831] newfstatat(3, "", [pid 8940] <... write resumed>) = 4 [pid 8938] <... close resumed>) = 0 [pid 5834] newfstatat(4, "", [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8940] close(3 [pid 8938] close(4 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 8940] <... close resumed>) = 0 [pid 8940] symlink("/dev/binderfs", "./binderfs" [pid 8938] <... close resumed>) = 0 [pid 5834] getdents64(4, [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8938] mkdir("./file1", 0777 [pid 8940] <... symlink resumed>) = 0 [pid 5831] umount2("./271/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8940] write(1, "executing program\n", 18 [pid 8938] <... mkdir resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 executing program [pid 8938] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5831] <... umount2 resumed>) = 0 [pid 8940] <... write resumed>) = 18 [pid 5834] getdents64(4, [pid 8940] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] umount2("./271/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8940] <... futex resumed>) = 0 [pid 5834] close(4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8940] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5831] newfstatat(AT_FDCWD, "./271/file1", [pid 8940] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] <... close resumed>) = 0 [pid 8940] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5834] rmdir("./268/file1" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5831] umount2("./271/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8940] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5831] openat(AT_FDCWD, "./271/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8937] <... mount resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 8940] <... mprotect resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 8937] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8937] chdir("./file1" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8940] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8937] <... chdir resumed>) = 0 [pid 5831] getdents64(4, [pid 8940] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8937] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8940] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8937] <... futex resumed>) = 1 [pid 8935] <... futex resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8935] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] getdents64(4, [pid 8935] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8941 attached [pid 8937] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8941] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8940] <... clone3 resumed> => {parent_tid=[8941]}, 88) = 8941 [pid 5831] close(4 [pid 8940] rt_sigprocmask(SIG_SETMASK, [], [pid 8941] <... rseq resumed>) = 0 [pid 8940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... close resumed>) = 0 [pid 8941] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8941] rt_sigprocmask(SIG_SETMASK, [], [pid 8940] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] rmdir("./271/file1" [pid 8941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8941] memfd_create("syzkaller", 0 [pid 8940] <... futex resumed>) = 0 [pid 8937] <... openat resumed>) = 4 [pid 5831] <... rmdir resumed>) = 0 [pid 8941] <... memfd_create resumed>) = 3 [pid 8940] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] umount2("./268/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8937] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [ 232.980896][ T8938] loop2: detected capacity change from 0 to 256 [ 233.017237][ T8937] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5831] umount2("./271/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8941] <... mmap resumed>) = 0x7f3002800000 [pid 8937] <... futex resumed>) = 1 [pid 8935] <... futex resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8935] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8935] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8941] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8937] mkdir("./file2", 0777 [pid 8941] <... write resumed>) = 131072 [pid 5834] newfstatat(AT_FDCWD, "./268/binderfs", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./271/binderfs", [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./268/binderfs" [pid 8941] munmap(0x7f3002800000, 138412032 [pid 5834] <... unlink resumed>) = 0 [pid 5831] unlink("./271/binderfs" [pid 5834] getdents64(3, [pid 8941] <... munmap resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 8941] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] close(3 [pid 5831] getdents64(3, [pid 8941] <... openat resumed>) = 4 [pid 5834] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8941] ioctl(4, LOOP_SET_FD, 3 [pid 5834] rmdir("./268" [pid 5831] close(3 [pid 8938] <... mount resumed>) = 0 [pid 5834] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8938] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] mkdir("./269", 0777 [pid 5831] rmdir("./271") = 0 [pid 8938] <... openat resumed>) = 3 [pid 8938] chdir("./file1" [pid 5834] <... mkdir resumed>) = 0 [pid 5831] mkdir("./272", 0777 [pid 8938] <... chdir resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... mkdir resumed>) = 0 [pid 8935] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8935] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8935] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8938] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8935] <... mprotect resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8935] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... openat resumed>) = 3 [pid 8938] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8935] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5831] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 8942 attached [pid 8938] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8935] <... clone3 resumed> => {parent_tid=[8942]}, 88) = 8942 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5831] <... ioctl resumed>) = 0 [pid 8942] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8941] <... ioctl resumed>) = 0 [pid 8938] <... futex resumed>) = 1 [pid 8936] <... futex resumed>) = 0 [pid 8935] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... ioctl resumed>) = 0 [pid 8942] <... rseq resumed>) = 0 [pid 8938] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8936] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8935] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 233.054837][ T8938] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 233.071556][ T8937] exFAT-fs (loop0): error, data size is invalid(9000) [ 233.078454][ T8937] exFAT-fs (loop0): Filesystem has been set read-only [ 233.095423][ T8941] loop3: detected capacity change from 0 to 256 [pid 5834] close(3 [pid 5831] close(3 [pid 8942] set_robust_list(0x7f300ac279a0, 24 [pid 8941] close(3 [pid 8938] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8936] <... futex resumed>) = 0 [pid 8935] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... close resumed>) = 0 [pid 8937] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8936] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8937] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] <... close resumed>) = 0 [pid 8938] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8935] <... futex resumed>) = ? [pid 8942] <... set_robust_list resumed>) = ? [pid 8937] +++ killed by SIGSEGV +++ [pid 8941] <... close resumed>) = 0 [pid 8941] close(4) = 0 [pid 8941] mkdir("./file1", 0777) = 0 [pid 8941] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8942] +++ killed by SIGSEGV +++ [pid 8935] +++ killed by SIGSEGV +++ [pid 8938] <... openat resumed>) = 4 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8935, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 8943 attached [pid 8938] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8938] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 8944 attached [pid 8943] set_robust_list(0x55556b85b6a0, 24 [pid 8936] <... futex resumed>) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8943 [pid 5830] <... restart_syscall resumed>) = 0 [pid 8944] set_robust_list(0x55556b85b6a0, 24 [pid 8943] <... set_robust_list resumed>) = 0 [pid 8936] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8944 [pid 8944] <... set_robust_list resumed>) = 0 [pid 8943] chdir("./269" [pid 8938] <... futex resumed>) = 0 [pid 8936] <... futex resumed>) = 1 [pid 8944] chdir("./272" [pid 8943] <... chdir resumed>) = 0 [pid 8938] mkdir("./file2", 0777 [pid 8936] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8944] <... chdir resumed>) = 0 [pid 5830] umount2("./267", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8944] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8944] <... prctl resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8944] setpgid(0, 0 [pid 5830] <... openat resumed>) = 3 [pid 8944] <... setpgid resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 8944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8944] <... openat resumed>) = 3 [pid 5830] getdents64(3, [pid 8944] write(3, "1000", 4 [pid 8943] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8944] <... write resumed>) = 4 [pid 5830] umount2("./267/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8944] close(3executing program ) = 0 [pid 8943] <... prctl resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 8944] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8944] write(1, "executing program\n", 18) = 18 [pid 8944] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8944] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5830] umount2("./267/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8944] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8944] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5830] newfstatat(AT_FDCWD, "./267/file1", [pid 8944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8943] setpgid(0, 0 [pid 5830] umount2("./267/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8944] <... mmap resumed>) = 0x7f300ac28000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8944] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5830] openat(AT_FDCWD, "./267/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8944] <... mprotect resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 8944] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8943] <... setpgid resumed>) = 0 [pid 8938] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8938] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8943] <... openat resumed>) = 3 [pid 8936] <... futex resumed>) = ? [pid 8943] write(3, "1000", 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8943] <... write resumed>) = 4 [pid 5830] getdents64(4, [pid 8944] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8943] close(3 [pid 8938] +++ killed by SIGSEGV +++ [pid 8936] +++ killed by SIGSEGV +++ [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5830] close(4./strace-static-x86_64: Process 8945 attached [pid 8943] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 8944] <... clone3 resumed> => {parent_tid=[8945]}, 88) = 8945 [pid 5830] rmdir("./267/file1" [pid 8944] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... rmdir resumed>) = 0 [pid 8944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] umount2("./267/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8944] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8936, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8944] <... futex resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./267/binderfs", [pid 8944] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./267/binderfs") = 0 [ 233.153430][ T8938] exFAT-fs (loop2): error, data size is invalid(9000) [ 233.170941][ T8938] exFAT-fs (loop2): Filesystem has been set read-only [ 233.183965][ T8941] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5830] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./267") = 0 [pid 5830] mkdir("./268", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [pid 8943] symlink("/dev/binderfs", "./binderfs" [pid 8945] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5830] <... close resumed>) = 0 executing program [pid 8943] <... symlink resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8945] <... rseq resumed>) = 0 [pid 8943] write(1, "executing program\n", 18 [pid 5832] umount2("./264", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8945] set_robust_list(0x7f300ac489a0, 24 [pid 8943] <... write resumed>) = 18 [pid 8945] <... set_robust_list resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8945] rt_sigprocmask(SIG_SETMASK, [], [pid 8943] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8943] <... futex resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8946 attached [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8946 [pid 8946] set_robust_list(0x55556b85b6a0, 24 [pid 8945] memfd_create("syzkaller", 0 [pid 8943] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5832] <... openat resumed>) = 3 [pid 8943] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5832] newfstatat(3, "", [pid 8943] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8946] <... set_robust_list resumed>) = 0 [pid 8945] <... memfd_create resumed>) = 3 [pid 8943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8941] <... mount resumed>) = 0 [pid 5832] getdents64(3, [pid 8946] chdir("./268" [pid 8945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8943] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8943] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8946] <... chdir resumed>) = 0 [pid 8945] <... mmap resumed>) = 0x7f3002800000 [pid 8943] <... mprotect resumed>) = 0 [pid 8941] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] umount2("./264/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8943] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8946] setpgid(0, 0) = 0 [pid 8946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8943] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8941] <... openat resumed>) = 3 [pid 8946] <... openat resumed>) = 3 [pid 8946] write(3, "1000", 4) = 4 [pid 8946] close(3 [pid 8945] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8941] chdir("./file1"./strace-static-x86_64: Process 8947 attached [pid 8946] <... close resumed>) = 0 [pid 8941] <... chdir resumed>) = 0 [pid 8946] symlink("/dev/binderfs", "./binderfs" [pid 8943] <... clone3 resumed> => {parent_tid=[8947]}, 88) = 8947 [pid 8941] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8943] rt_sigprocmask(SIG_SETMASK, [], [pid 8947] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8946] <... symlink resumed>) = 0 [pid 8943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8941] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8947] <... rseq resumed>) = 0 [pid 8943] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8941] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 8947] set_robust_list(0x7f300ac489a0, 24 [pid 8946] write(1, "executing program\n", 18 [pid 8943] <... futex resumed>) = 0 [pid 8941] <... futex resumed>) = 1 [pid 8940] <... futex resumed>) = 0 [pid 8940] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8943] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8941] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8940] <... futex resumed>) = 0 [pid 8940] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8946] <... write resumed>) = 18 [pid 8946] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8947] <... set_robust_list resumed>) = 0 [pid 8946] <... futex resumed>) = 0 [pid 8945] <... write resumed>) = 131072 [pid 8947] rt_sigprocmask(SIG_SETMASK, [], [pid 8946] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8941] <... openat resumed>) = 4 [pid 8946] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8946] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8946] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8946] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8945] munmap(0x7f3002800000, 138412032 [pid 8941] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8947] memfd_create("syzkaller", 0 [pid 8946] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8945] <... munmap resumed>) = 0 [pid 8941] <... futex resumed>) = 1 [pid 8940] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 8941] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8940] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./264/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8947] <... memfd_create resumed>) = 3 [pid 8940] <... futex resumed>) = 0 [pid 8945] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8940] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8941] mkdir("./file2", 0777 [pid 5832] newfstatat(AT_FDCWD, "./264/file1", [pid 8945] <... openat resumed>) = 4 [pid 8946] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8948 attached => {parent_tid=[8948]}, 88) = 8948 [pid 8946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8946] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8948] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8946] <... futex resumed>) = 0 [pid 8948] <... rseq resumed>) = 0 [pid 8946] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8948] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8948] memfd_create("syzkaller", 0) = 3 [pid 8948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8948] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8945] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8948] <... write resumed>) = 131072 [pid 8948] munmap(0x7f3002800000, 138412032 [pid 8947] <... mmap resumed>) = 0x7f3002800000 [pid 8945] <... ioctl resumed>) = 0 [pid 5832] umount2("./264/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8947] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./264/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8947] <... write resumed>) = 131072 [pid 8945] close(3 [pid 5832] newfstatat(4, "", [pid 8947] munmap(0x7f3002800000, 138412032 [pid 8945] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8948] <... munmap resumed>) = 0 [pid 8948] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8947] <... munmap resumed>) = 0 [pid 8945] close(4 [pid 5832] getdents64(4, [pid 8948] <... openat resumed>) = 4 [pid 8945] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8948] ioctl(4, LOOP_SET_FD, 3 [pid 5832] getdents64(4, [pid 8945] mkdir("./file1", 0777 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8947] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8945] <... mkdir resumed>) = 0 [pid 5832] close(4 [pid 8945] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 5832] <... close resumed>) = 0 [pid 8947] <... openat resumed>) = 4 [pid 5832] rmdir("./264/file1" [pid 8940] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8940] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... rmdir resumed>) = 0 [pid 8940] <... futex resumed>) = 0 [pid 5832] umount2("./264/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8940] <... mmap resumed>) = 0x7f300ac07000 [pid 5832] newfstatat(AT_FDCWD, "./264/binderfs", [pid 8940] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8947] ioctl(4, LOOP_SET_FD, 3 [pid 8940] <... mprotect resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8940] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] unlink("./264/binderfs" [pid 8948] <... ioctl resumed>) = 0 [ 233.285326][ T8941] exFAT-fs (loop3): error, data size is invalid(9000) [ 233.302806][ T8945] loop1: detected capacity change from 0 to 256 [ 233.305283][ T8941] exFAT-fs (loop3): Filesystem has been set read-only [ 233.327103][ T8948] loop0: detected capacity change from 0 to 256 [pid 8948] close(3) = 0 [pid 8948] close(4) = 0 [pid 8948] mkdir("./file1", 0777) = 0 [pid 8948] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8940] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 8940] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8949 attached [pid 8941] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8949] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8941] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8949] <... rseq resumed>) = ? [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8940] <... clone3 resumed> ) = ? [pid 5832] close(3 [pid 8949] +++ killed by SIGSEGV +++ [pid 5832] <... close resumed>) = 0 [pid 8947] <... ioctl resumed>) = 0 [pid 5832] rmdir("./264" [pid 8947] close(3 [pid 8941] +++ killed by SIGSEGV +++ [pid 8940] +++ killed by SIGSEGV +++ [pid 5832] <... rmdir resumed>) = 0 [pid 8947] <... close resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8940, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5832] mkdir("./265", 0777 [pid 8947] close(4) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 8947] mkdir("./file1", 0777) = 0 [pid 8947] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 8945] <... mount resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8945] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5833] umount2("./271", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8945] chdir("./file1" [ 233.344800][ T8947] loop4: detected capacity change from 0 to 256 [ 233.362722][ T8945] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 233.363007][ T8948] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5833] openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8950 attached [pid 8945] <... chdir resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5833] newfstatat(3, "", [pid 8945] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8950 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./271/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8950] set_robust_list(0x55556b85b6a0, 24 [pid 8945] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8945] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8944] <... futex resumed>) = 0 [pid 8944] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8950] <... set_robust_list resumed>) = 0 [pid 8945] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8944] <... futex resumed>) = 0 [pid 8950] chdir("./265" [pid 8944] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8950] <... chdir resumed>) = 0 [pid 8948] <... mount resumed>) = 0 [pid 8950] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8948] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8945] <... openat resumed>) = 4 [pid 8948] <... openat resumed>) = 3 [pid 8948] chdir("./file1") = 0 [pid 8948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8948] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8950] <... prctl resumed>) = 0 [pid 8945] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = 0 [pid 8945] <... futex resumed>) = 1 [pid 8950] setpgid(0, 0 [pid 8945] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8944] <... futex resumed>) = 0 [pid 5833] umount2("./271/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8944] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8944] <... futex resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./271/file1", [pid 8950] <... setpgid resumed>) = 0 [pid 8945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8944] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8945] mkdir("./file2", 0777 [pid 8950] <... openat resumed>) = 3 [pid 5833] umount2("./271/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8950] write(3, "1000", 4 [pid 8947] <... mount resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8950] <... write resumed>) = 4 [pid 5833] openat(AT_FDCWD, "./271/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8950] close(3 [pid 8947] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... openat resumed>) = 4 [pid 8950] <... close resumed>) = 0 [pid 8950] symlink("/dev/binderfs", "./binderfs" [pid 5833] newfstatat(4, "", [pid 8947] <... openat resumed>) = 3 [pid 8950] <... symlink resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 8950] write(1, "executing program\n", 18 [pid 8947] chdir("./file1" [pid 5833] getdents64(4, [pid 8950] <... write resumed>) = 18 [pid 8948] <... futex resumed>) = 1 [pid 8947] <... chdir resumed>) = 0 [pid 8946] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8947] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8950] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8948] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8947] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8946] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(4, [pid 8950] <... futex resumed>) = 0 [pid 8946] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8950] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8946] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] close(4 [pid 8950] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... close resumed>) = 0 [pid 8950] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] rmdir("./271/file1" [pid 8950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8947] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] umount2("./271/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8950] <... mmap resumed>) = 0x7f300ac28000 [pid 8948] <... openat resumed>) = 4 [pid 8950] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8947] <... futex resumed>) = 1 [pid 8943] <... futex resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8950] <... mprotect resumed>) = 0 [pid 8948] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8947] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8943] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(AT_FDCWD, "./271/binderfs", [pid 8950] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8948] <... futex resumed>) = 1 [pid 8947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8946] <... futex resumed>) = 0 [pid 8943] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 233.427124][ T8947] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 233.462201][ T8945] exFAT-fs (loop1): error, data size is invalid(9000) [pid 8950] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8948] mkdir("./file2", 0777 [pid 8947] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8946] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8943] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] unlink("./271/binderfs" [pid 8950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8946] <... futex resumed>) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 8946] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] getdents64(3, [pid 8950] <... clone3 resumed> => {parent_tid=[8951]}, 88) = 8951 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8950] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] close(3./strace-static-x86_64: Process 8951 attached [pid 8950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8947] <... openat resumed>) = 4 [pid 8944] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8951] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8950] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8944] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... close resumed>) = 0 [pid 8951] <... rseq resumed>) = 0 [pid 8950] <... futex resumed>) = 0 [pid 8944] <... futex resumed>) = 0 [pid 8951] set_robust_list(0x7f300ac489a0, 24 [pid 8950] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] rmdir("./271" [pid 8951] <... set_robust_list resumed>) = 0 [pid 8947] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8951] rt_sigprocmask(SIG_SETMASK, [], [pid 8944] <... mmap resumed>) = 0x7f300ac07000 [pid 5833] <... rmdir resumed>) = 0 [pid 8951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8944] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5833] mkdir("./272", 0777 [pid 8951] memfd_create("syzkaller", 0 [pid 8944] <... mprotect resumed>) = 0 [pid 8951] <... memfd_create resumed>) = 3 [pid 5833] <... mkdir resumed>) = 0 [pid 8951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8944] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8951] <... mmap resumed>) = 0x7f3002800000 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8951] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8947] <... futex resumed>) = 1 [pid 8944] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8951] <... write resumed>) = 131072 [pid 8947] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 8943] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8952 attached [pid 8951] munmap(0x7f3002800000, 138412032 [pid 8945] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8943] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8952] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8951] <... munmap resumed>) = 0 [pid 8947] <... futex resumed>) = 0 [pid 8945] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8944] <... clone3 resumed> => {parent_tid=[8952]}, 88) = 8952 [pid 8943] <... futex resumed>) = 1 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8952] <... rseq resumed>) = ? [pid 8951] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8947] mkdir("./file2", 0777 [pid 8943] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... ioctl resumed>) = 0 [ 233.495165][ T8945] exFAT-fs (loop1): Filesystem has been set read-only [ 233.507332][ T8948] exFAT-fs (loop0): error, data size is invalid(9000) [pid 8952] +++ killed by SIGSEGV +++ [pid 8951] <... openat resumed>) = 4 [pid 5833] close(3 [pid 8951] ioctl(4, LOOP_SET_FD, 3 [pid 5833] <... close resumed>) = 0 [pid 8946] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8946] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 8953 attached [pid 8946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8953 [pid 8946] <... mmap resumed>) = 0x7f300ac07000 [pid 8953] set_robust_list(0x55556b85b6a0, 24 [pid 8946] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8953] <... set_robust_list resumed>) = 0 [pid 8946] <... mprotect resumed>) = 0 [pid 8953] chdir("./272" [pid 8946] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8953] <... chdir resumed>) = 0 [pid 8946] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8953] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8946] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8954 attached [pid 8953] <... prctl resumed>) = 0 [pid 8953] setpgid(0, 0 [pid 8946] <... clone3 resumed> => {parent_tid=[8954]}, 88) = 8954 [pid 8945] +++ killed by SIGSEGV +++ [pid 8944] +++ killed by SIGSEGV +++ [pid 8953] <... setpgid resumed>) = 0 [pid 8946] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8944, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 8953] <... openat resumed>) = 3 [pid 8946] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8946] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8954] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8953] write(3, "1000", 4 [pid 8951] <... ioctl resumed>) = 0 [pid 8954] <... rseq resumed>) = 0 [pid 8953] <... write resumed>) = 4 [pid 8951] close(3 [pid 8954] set_robust_list(0x7f300ac279a0, 24 [pid 8953] close(3 [pid 8951] <... close resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 8954] <... set_robust_list resumed>) = 0 [pid 8953] <... close resumed>) = 0 [pid 8954] rt_sigprocmask(SIG_SETMASK, [], [pid 8951] close(4 [pid 8954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8953] symlink("/dev/binderfs", "./binderfs" [pid 8951] <... close resumed>) = 0 [pid 8954] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 8953] <... symlink resumed>) = 0 [pid 8951] mkdir("./file1", 0777 [pid 5831] umount2("./272", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8954] <... ioctl resumed>) = 0 executing program [pid 8953] write(1, "executing program\n", 18 [pid 8951] <... mkdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8954] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8953] <... write resumed>) = 18 [pid 8951] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8948] <... mkdir resumed>) = -1 EIO (Input/output error) [ 233.536152][ T8947] exFAT-fs (loop4): error, data size is invalid(9000) [ 233.541819][ T8951] loop2: detected capacity change from 0 to 256 [ 233.550928][ T8948] exFAT-fs (loop0): Filesystem has been set read-only [pid 5831] openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8954] <... futex resumed>) = 1 [pid 8953] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8948] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8946] <... futex resumed>) = 0 [pid 8953] <... futex resumed>) = 0 [pid 8954] +++ killed by SIGSEGV +++ [pid 8953] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8953] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8953] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8943] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] newfstatat(3, "", [pid 8943] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8953] <... mprotect resumed>) = 0 [pid 8948] +++ killed by SIGSEGV +++ [pid 8946] +++ killed by SIGSEGV +++ [pid 8943] <... mmap resumed>) = 0x7f300ac07000 [pid 8953] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8943] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 8953] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8943] <... mprotect resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8946, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 8953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8943] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8943] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 8955 attached [pid 8953] <... clone3 resumed> => {parent_tid=[8955]}, 88) = 8955 [pid 8943] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8956 attached [pid 8955] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8953] rt_sigprocmask(SIG_SETMASK, [], [pid 8955] <... rseq resumed>) = 0 [pid 8953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8943] <... clone3 resumed> => {parent_tid=[8956]}, 88) = 8956 [pid 8955] set_robust_list(0x7f300ac489a0, 24 [pid 8953] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8943] rt_sigprocmask(SIG_SETMASK, [], [pid 8955] <... set_robust_list resumed>) = 0 [pid 8953] <... futex resumed>) = 0 [pid 8943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8955] rt_sigprocmask(SIG_SETMASK, [], [pid 8953] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8943] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8955] memfd_create("syzkaller", 0 [pid 8943] <... futex resumed>) = 0 [pid 8955] <... memfd_create resumed>) = 3 [pid 8943] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8956] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8955] <... mmap resumed>) = 0x7f3002800000 [pid 5831] getdents64(3, [pid 5830] <... restart_syscall resumed>) = 0 [pid 8956] <... rseq resumed>) = 0 [pid 8956] set_robust_list(0x7f300ac279a0, 24 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8956] <... set_robust_list resumed>) = 0 [pid 5831] umount2("./272/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8956] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] umount2("./268", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8956] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5830] openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", [pid 8955] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./268/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5830] umount2("./268/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./268/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./268/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./268/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", [pid 8955] <... write resumed>) = 131072 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./268/file1") = 0 [pid 8956] <... ioctl resumed>) = 0 [pid 8955] munmap(0x7f3002800000, 138412032 [pid 5830] umount2("./268/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8956] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8955] <... munmap resumed>) = 0 [pid 8947] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8956] <... futex resumed>) = 1 [pid 8947] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8943] <... futex resumed>) = 0 [pid 5831] umount2("./272/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8956] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8955] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8951] <... mount resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./268/binderfs", [pid 8955] <... openat resumed>) = 4 [pid 5831] newfstatat(AT_FDCWD, "./272/file1", [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 233.582607][ T8947] exFAT-fs (loop4): Filesystem has been set read-only [ 233.596593][ T8951] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8955] ioctl(4, LOOP_SET_FD, 3 [pid 8951] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./268/binderfs" [pid 8956] <... futex resumed>) = ? [pid 8956] +++ killed by SIGSEGV +++ [pid 5831] umount2("./272/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./272/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", [pid 8951] <... openat resumed>) = 3 [pid 5830] <... unlink resumed>) = 0 [pid 8951] chdir("./file1" [pid 5830] getdents64(3, [pid 8951] <... chdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8951] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] close(3 [pid 8951] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... close resumed>) = 0 [pid 8951] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] rmdir("./268" [pid 8951] <... futex resumed>) = 1 [pid 8950] <... futex resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 8950] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] mkdir("./269", 0777 [pid 8950] <... futex resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 8950] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] getdents64(4, [pid 5830] <... openat resumed>) = 3 [pid 8951] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8951] <... openat resumed>) = 4 [pid 5830] <... ioctl resumed>) = 0 [pid 8951] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8947] +++ killed by SIGSEGV +++ [pid 8943] +++ killed by SIGSEGV +++ [pid 5830] close(3 [pid 8951] <... futex resumed>) = 1 [pid 8950] <... futex resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] <... close resumed>) = 0 [pid 8950] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8943, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5831] getdents64(4, [pid 8950] <... futex resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8950] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] close(4 [pid 8951] mkdir("./file2", 0777 [pid 5834] umount2("./269", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... close resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] rmdir("./272/file1" [pid 8955] <... ioctl resumed>) = 0 [pid 8955] close(3 [pid 5831] <... rmdir resumed>) = 0 [pid 8955] <... close resumed>) = 0 [pid 8955] close(4) = 0 [pid 8955] mkdir("./file1", 0777) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8955] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 5834] <... openat resumed>) = 3 [pid 5831] umount2("./272/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] newfstatat(3, "", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8957 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 233.641330][ T8955] loop3: detected capacity change from 0 to 256 [ 233.669792][ T8951] exFAT-fs (loop2): error, data size is invalid(9000) [ 233.676620][ T8951] exFAT-fs (loop2): Filesystem has been set read-only [pid 5834] getdents64(3, [pid 5831] newfstatat(AT_FDCWD, "./272/binderfs", ./strace-static-x86_64: Process 8957 attached [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./272/binderfs" [pid 8957] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8957] chdir("./269" [pid 5831] <... unlink resumed>) = 0 [pid 8957] <... chdir resumed>) = 0 [pid 5831] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8957] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] close(3 [pid 8957] <... prctl resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8957] setpgid(0, 0 [pid 5834] umount2("./269/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./272" [pid 8957] <... setpgid resumed>) = 0 [pid 8957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] <... rmdir resumed>) = 0 [pid 8957] write(3, "1000", 4 [pid 5831] mkdir("./273", 0777 [pid 8957] <... write resumed>) = 4 [pid 8957] close(3) = 0 [pid 8957] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWRexecuting program ) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8950] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5831] <... ioctl resumed>) = 0 [pid 8950] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] close(3 [pid 8950] <... futex resumed>) = 0 [pid 8950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8950] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} => {parent_tid=[8958]}, 88) = 8958 [pid 8950] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8958 attached NULL, 8) = 0 [pid 5831] <... close resumed>) = 0 [pid 8950] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8950] <... futex resumed>) = 0 [pid 8950] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8957] write(1, "executing program\n", 18) = 18 [pid 8957] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8957] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8957] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8951] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8957] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8951] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8957] <... mprotect resumed>) = 0 [pid 8957] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8959]}, 88) = 8959 ./strace-static-x86_64: Process 8959 attached [pid 8957] rt_sigprocmask(SIG_SETMASK, [], [pid 8959] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8959] <... rseq resumed>) = 0 [pid 8957] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8959] set_robust_list(0x7f300ac489a0, 24 [pid 8957] <... futex resumed>) = 0 [pid 8959] <... set_robust_list resumed>) = 0 [pid 8957] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8959] memfd_create("syzkaller", 0) = 3 [pid 8959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8959] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 ./strace-static-x86_64: Process 8960 attached [pid 8955] <... mount resumed>) = 0 [pid 8950] <... futex resumed>) = ? [pid 5834] <... umount2 resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8960 [pid 8960] set_robust_list(0x55556b85b6a0, 24 [ 233.700143][ T8955] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8959] munmap(0x7f3002800000, 138412032 [pid 8958] +++ killed by SIGSEGV +++ [pid 8951] +++ killed by SIGSEGV +++ [pid 8950] +++ killed by SIGSEGV +++ [pid 5834] umount2("./269/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8960] <... set_robust_list resumed>) = 0 [pid 8959] <... munmap resumed>) = 0 [pid 8955] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8950, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8960] chdir("./273" [pid 5834] newfstatat(AT_FDCWD, "./269/file1", [pid 8955] <... openat resumed>) = 3 [pid 8955] chdir("./file1") = 0 [pid 8955] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8959] ioctl(4, LOOP_SET_FD, 3 [pid 8955] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8953] <... futex resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8953] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] umount2("./269/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8953] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8959] <... ioctl resumed>) = 0 [pid 8959] close(3) = 0 [pid 8959] close(4 [pid 5834] openat(AT_FDCWD, "./269/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8960] <... chdir resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 8955] <... futex resumed>) = 1 [pid 8960] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] newfstatat(4, "", [pid 5832] umount2("./265", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8960] <... prctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8960] setpgid(0, 0 [pid 8959] <... close resumed>) = 0 [pid 8955] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8960] <... setpgid resumed>) = 0 [pid 8959] mkdir("./file1", 0777 [pid 8955] <... openat resumed>) = 4 [pid 5834] getdents64(4, [pid 5832] <... openat resumed>) = 3 [pid 8960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8959] <... mkdir resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 8960] <... openat resumed>) = 3 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8960] write(3, "1000", 4 [pid 8959] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 5834] getdents64(4, [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8960] <... write resumed>) = 4 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8960] close(3 [pid 5834] close(4 [pid 5832] getdents64(3, [pid 8960] <... close resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 8960] symlink("/dev/binderfs", "./binderfs" [pid 5834] rmdir("./269/file1" [pid 8960] <... symlink resumed>) = 0 [pid 8960] write(1, "executing program\n", 18 [pid 8955] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... rmdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 executing program [pid 8960] <... write resumed>) = 18 [pid 8955] <... futex resumed>) = 1 [pid 8953] <... futex resumed>) = 0 [pid 5834] umount2("./269/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./265/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8960] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8960] <... futex resumed>) = 0 [pid 8955] mkdir("./file2", 0777 [pid 8953] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] newfstatat(AT_FDCWD, "./269/binderfs", [pid 8960] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8953] <... futex resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8960] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5834] unlink("./269/binderfs" [pid 8960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8953] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... unlink resumed>) = 0 [pid 8960] <... mmap resumed>) = 0x7f300ac28000 [pid 5834] getdents64(3, [pid 8960] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [ 233.761803][ T8959] loop0: detected capacity change from 0 to 256 [ 233.794497][ T8955] exFAT-fs (loop3): error, data size is invalid(9000) [pid 8960] <... mprotect resumed>) = 0 [pid 5834] close(3 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./265/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] rmdir("./269" [pid 8960] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... rmdir resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./265/file1", [pid 8960] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8960] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5834] mkdir("./270", 0777 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./265/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8961 attached [pid 5834] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8960] <... clone3 resumed> => {parent_tid=[8961]}, 88) = 8961 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] openat(AT_FDCWD, "./265/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8960] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... openat resumed>) = 3 [pid 5832] <... openat resumed>) = 4 [pid 8960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5832] newfstatat(4, "", [pid 8961] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8960] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... ioctl resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8961] <... rseq resumed>) = 0 [pid 8960] <... futex resumed>) = 0 [pid 5834] close(3 [pid 5832] getdents64(4, [pid 8955] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8961] set_robust_list(0x7f300ac489a0, 24 [pid 8960] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8959] <... mount resumed>) = 0 [pid 8953] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8953] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(4, [pid 8953] <... futex resumed>) = 0 [pid 8961] <... set_robust_list resumed>) = 0 [pid 8953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8961] rt_sigprocmask(SIG_SETMASK, [], [pid 8953] <... mmap resumed>) = 0x7f300ac07000 [pid 5832] close(4 [pid 8955] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8953] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = ? ./strace-static-x86_64: Process 8962 attached [pid 8961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... close resumed>) = 0 [pid 8959] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 8961] memfd_create("syzkaller", 0 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8962 [pid 5832] rmdir("./265/file1" [pid 8962] set_robust_list(0x55556b85b6a0, 24 [pid 8959] chdir("./file1" [pid 8962] <... set_robust_list resumed>) = 0 [pid 8959] <... chdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 8962] chdir("./270" [pid 8959] openat(AT_FDCWD, "/dev/loop0", O_RDWR [ 233.812915][ T8959] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 233.829797][ T8955] exFAT-fs (loop3): Filesystem has been set read-only [pid 5832] umount2("./265/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8962] <... chdir resumed>) = 0 [pid 8959] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8961] <... memfd_create resumed>) = 3 [pid 5832] newfstatat(AT_FDCWD, "./265/binderfs", [pid 8961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8962] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8961] <... mmap resumed>) = 0x7f3002800000 [pid 8959] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./265/binderfs" [pid 8962] <... prctl resumed>) = 0 [pid 8961] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8959] <... futex resumed>) = 1 [pid 8957] <... futex resumed>) = 0 [pid 8955] +++ killed by SIGSEGV +++ [pid 8953] +++ killed by SIGSEGV +++ [pid 5832] <... unlink resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8953, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5833] umount2("./272", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8957] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8957] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 8957] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] newfstatat(3, "", [pid 8962] setpgid(0, 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8962] <... setpgid resumed>) = 0 [pid 5833] getdents64(3, [pid 8962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8959] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8959] <... openat resumed>) = 4 [pid 5833] umount2("./272/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(3, [pid 8959] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 8959] <... futex resumed>) = 1 [pid 8957] <... futex resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 8961] <... write resumed>) = 131072 [pid 8962] <... openat resumed>) = 3 [pid 8959] mkdir("./file2", 0777 [pid 8957] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8961] munmap(0x7f3002800000, 138412032 [pid 8957] <... futex resumed>) = 0 [pid 5832] rmdir("./265" [pid 8962] write(3, "1000", 4 [pid 8957] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8962] <... write resumed>) = 4 [pid 8961] <... munmap resumed>) = 0 [pid 8962] close(3) = 0 [pid 8962] symlink("/dev/binderfs", "./binderfs" [pid 8961] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./266", 0777executing program [pid 8962] <... symlink resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 8962] write(1, "executing program\n", 18 [pid 8961] <... openat resumed>) = 4 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8961] ioctl(4, LOOP_SET_FD, 3 [pid 8962] <... write resumed>) = 18 [pid 5832] <... openat resumed>) = 3 [pid 8962] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8962] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8962] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8962] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8962] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8963 attached => {parent_tid=[8963]}, 88) = 8963 [pid 8963] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8962] rt_sigprocmask(SIG_SETMASK, [], [pid 8963] <... rseq resumed>) = 0 [pid 8962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8963] set_robust_list(0x7f300ac489a0, 24 [pid 8962] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8963] <... set_robust_list resumed>) = 0 [pid 8962] <... futex resumed>) = 0 [pid 8963] rt_sigprocmask(SIG_SETMASK, [], [pid 8962] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8963] memfd_create("syzkaller", 0) = 3 [pid 8963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 5832] <... ioctl resumed>) = 0 [pid 8963] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5832] close(3 [pid 8963] <... write resumed>) = 131072 [pid 5832] <... close resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8959] <... mkdir resumed>) = -1 EIO (Input/output error) ./strace-static-x86_64: Process 8964 attached [pid 5833] <... umount2 resumed>) = 0 [pid 8964] set_robust_list(0x55556b85b6a0, 24 [pid 5833] umount2("./272/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8964 [pid 5833] newfstatat(AT_FDCWD, "./272/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./272/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./272/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8963] munmap(0x7f3002800000, 138412032 [pid 5833] <... openat resumed>) = 4 [pid 8963] <... munmap resumed>) = 0 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8964] <... set_robust_list resumed>) = 0 [pid 5833] getdents64(4, [pid 8963] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8963] <... openat resumed>) = 4 [ 233.905270][ T8959] exFAT-fs (loop0): error, data size is invalid(9000) [ 233.918154][ T8961] loop1: detected capacity change from 0 to 256 [ 233.930737][ T8959] exFAT-fs (loop0): Filesystem has been set read-only [pid 5833] getdents64(4, [pid 8964] chdir("./266" [pid 8963] ioctl(4, LOOP_SET_FD, 3 [pid 8961] <... ioctl resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8961] close(3 [pid 8964] <... chdir resumed>) = 0 [pid 8961] <... close resumed>) = 0 [pid 5833] close(4 [pid 8957] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... close resumed>) = 0 [pid 8964] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8961] close(4 [pid 8957] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] rmdir("./272/file1" [pid 8957] <... futex resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8964] <... prctl resumed>) = 0 [pid 8961] <... close resumed>) = 0 [pid 8957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] umount2("./272/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8961] mkdir("./file1", 0777 [pid 8964] setpgid(0, 0 [pid 8957] <... mmap resumed>) = 0x7f300ac07000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8957] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5833] newfstatat(AT_FDCWD, "./272/binderfs", [pid 8957] <... mprotect resumed>) = 0 [pid 8964] <... setpgid resumed>) = 0 [pid 8961] <... mkdir resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8957] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] unlink("./272/binderfs" [pid 8964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8961] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8957] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 8964] <... openat resumed>) = 3 [pid 8964] write(3, "1000", 4 [pid 8957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5833] getdents64(3, [pid 8964] <... write resumed>) = 4 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8965 attached [pid 8964] close(3 [pid 8957] <... clone3 resumed> => {parent_tid=[8965]}, 88) = 8965 [pid 5833] close(3 [pid 8964] <... close resumed>) = 0 [pid 8957] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... close resumed>) = 0 [pid 8964] symlink("/dev/binderfs", "./binderfs" [pid 8957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8957] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] rmdir("./272" [pid 8965] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8964] <... symlink resumed>) = 0 [pid 8957] <... futex resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 8965] <... rseq resumed>) = 0 [pid 8959] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8957] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 5833] mkdir("./273", 0777 [ 233.957785][ T8963] loop4: detected capacity change from 0 to 256 [pid 8964] write(1, "executing program\n", 18) = 18 [pid 8957] <... futex resumed>) = ? [pid 5833] <... mkdir resumed>) = 0 [pid 8965] +++ killed by SIGSEGV +++ [pid 8964] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8964] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8959] +++ killed by SIGSEGV +++ [pid 8957] +++ killed by SIGSEGV +++ [pid 8963] <... ioctl resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8963] close(3 [pid 5833] <... openat resumed>) = 3 [pid 8963] <... close resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8963] close(4 [pid 5833] <... ioctl resumed>) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8966 attached [pid 8966] set_robust_list(0x55556b85b6a0, 24 [pid 8964] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8963] <... close resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8957, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 8966] <... set_robust_list resumed>) = 0 [pid 8963] mkdir("./file1", 0777 [pid 8966] chdir("./273" [pid 8964] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8963] <... mkdir resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8966 [pid 8966] <... chdir resumed>) = 0 [pid 8964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8963] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8966] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] umount2("./269", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8966] <... prctl resumed>) = 0 [pid 8966] setpgid(0, 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8966] <... setpgid resumed>) = 0 [pid 8964] <... mmap resumed>) = 0x7f300ac28000 [pid 8966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8964] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5830] <... openat resumed>) = 3 [pid 8966] <... openat resumed>) = 3 [pid 8964] <... mprotect resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 8966] write(3, "1000", 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8966] <... write resumed>) = 4 [pid 8964] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] getdents64(3, [pid 8966] close(3 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8966] <... close resumed>) = 0 [pid 8964] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] umount2("./269/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8964] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8966] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8964] <... clone3 resumed> => {parent_tid=[8967]}, 88) = 8967 [pid 8964] rt_sigprocmask(SIG_SETMASK, [], [pid 8966] write(1, "executing program\n", 18 [pid 8964] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program ./strace-static-x86_64: Process 8967 attached [pid 8964] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8967] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8966] <... write resumed>) = 18 [pid 8964] <... futex resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 8967] <... rseq resumed>) = 0 [pid 8964] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] umount2("./269/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8967] set_robust_list(0x7f300ac489a0, 24 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8967] <... set_robust_list resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./269/file1", [pid 8967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8966] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8967] memfd_create("syzkaller", 0) = 3 [pid 5830] umount2("./269/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] openat(AT_FDCWD, "./269/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8966] <... futex resumed>) = 0 [pid 8967] <... mmap resumed>) = 0x7f3002800000 [pid 8966] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", [pid 8966] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8966] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 234.004121][ T8961] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8966] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8967] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8967] <... write resumed>) = 131072 [pid 8966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8961] <... mount resumed>) = 0 [pid 5830] getdents64(4, ./strace-static-x86_64: Process 8968 attached [pid 8966] <... clone3 resumed> => {parent_tid=[8968]}, 88) = 8968 [pid 8966] rt_sigprocmask(SIG_SETMASK, [], [pid 8968] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8966] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8968] <... rseq resumed>) = 0 [pid 8966] <... futex resumed>) = 0 [pid 8968] set_robust_list(0x7f300ac489a0, 24 [pid 8966] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8968] <... set_robust_list resumed>) = 0 [pid 8968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8967] munmap(0x7f3002800000, 138412032 [pid 8961] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 8967] <... munmap resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8961] <... openat resumed>) = 3 [pid 5830] close(4 [pid 8967] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5830] <... close resumed>) = 0 [pid 8967] ioctl(4, LOOP_SET_FD, 3 [pid 8961] chdir("./file1" [pid 5830] rmdir("./269/file1" [pid 8968] memfd_create("syzkaller", 0) = 3 [pid 8968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8968] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 8961] <... chdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] umount2("./269/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8961] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8961] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] newfstatat(AT_FDCWD, "./269/binderfs", [pid 8961] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8960] <... futex resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8961] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8960] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] unlink("./269/binderfs" [pid 8968] munmap(0x7f3002800000, 138412032 [pid 8961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8960] <... futex resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 8968] <... munmap resumed>) = 0 [pid 8967] <... ioctl resumed>) = 0 [pid 8961] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8960] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 8968] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8961] <... openat resumed>) = 4 [pid 5830] rmdir("./269" [pid 8968] <... openat resumed>) = 4 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./270", 0777 [pid 8961] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8968] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 8961] <... futex resumed>) = 1 [pid 8960] <... futex resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 8968] ioctl(4, LOOP_CLR_FD [pid 8967] close(3 [pid 8968] <... ioctl resumed>) = 0 [pid 8963] <... mount resumed>) = 0 [pid 8967] <... close resumed>) = 0 [pid 8961] mkdir("./file2", 0777 [ 234.071972][ T8963] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 234.094552][ T8967] loop2: detected capacity change from 0 to 256 [pid 8960] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8968] ioctl(4, LOOP_SET_FD, 3 [pid 8967] close(4 [pid 8963] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8960] <... futex resumed>) = 0 [pid 8968] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8963] <... openat resumed>) = 3 [pid 8968] close(4 [pid 8967] <... close resumed>) = 0 [pid 8963] chdir("./file1" [pid 8960] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... openat resumed>) = 3 [pid 8967] mkdir("./file1", 0777 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8967] <... mkdir resumed>) = 0 [pid 8963] <... chdir resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 8967] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8963] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] close(3 [pid 8963] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... close resumed>) = 0 [pid 8963] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8962] <... futex resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8962] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8962] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8963] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8969 ./strace-static-x86_64: Process 8969 attached [pid 8968] <... close resumed>) = 0 [pid 8963] <... openat resumed>) = 4 [pid 8969] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8968] close(3 [pid 8963] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8969] chdir("./270" [pid 8968] <... close resumed>) = 0 [pid 8963] <... futex resumed>) = 1 [pid 8962] <... futex resumed>) = 0 [pid 8969] <... chdir resumed>) = 0 [pid 8968] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8963] mkdir("./file2", 0777 [pid 8962] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8969] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8968] <... futex resumed>) = 1 [pid 8962] <... futex resumed>) = 0 [pid 8961] <... mkdir resumed>) = -1 EIO (Input/output error) [ 234.133833][ T8961] exFAT-fs (loop1): error, data size is invalid(9000) [ 234.169223][ T8961] exFAT-fs (loop1): Filesystem has been set read-only [ 234.173393][ T8963] exFAT-fs (loop4): error, data size is invalid(9000) [pid 8961] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8969] <... prctl resumed>) = 0 [pid 8968] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8966] <... futex resumed>) = 0 [pid 8962] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8969] setpgid(0, 0 [pid 8968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8966] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8969] <... setpgid resumed>) = 0 [pid 8968] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8968] <... openat resumed>) = 3 [pid 8966] <... futex resumed>) = 0 [pid 8969] <... openat resumed>) = 3 [pid 8968] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8966] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8969] write(3, "1000", 4 [pid 8968] <... futex resumed>) = 0 [pid 8966] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8969] <... write resumed>) = 4 [pid 8960] <... futex resumed>) = ? [pid 8969] close(3 [pid 8968] mkdir("./file2", 0777 [pid 8966] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8969] <... close resumed>) = 0 [pid 8968] <... mkdir resumed>) = 0 [pid 8966] <... futex resumed>) = 0 [pid 8969] symlink("/dev/binderfs", "./binderfs" [pid 8968] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8966] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8969] <... symlink resumed>) = 0 [pid 8966] <... futex resumed>) = ? [pid 8969] write(1, "executing program\n", 18executing program [pid 8968] +++ killed by SIGSEGV +++ [pid 8966] +++ killed by SIGSEGV +++ [pid 8969] <... write resumed>) = 18 [pid 8969] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8969] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8969] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8966, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 8969] <... mmap resumed>) = 0x7f300ac28000 [pid 8961] +++ killed by SIGSEGV +++ [pid 8960] +++ killed by SIGSEGV +++ [pid 8969] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8960, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8969] <... mprotect resumed>) = 0 [pid 5833] umount2("./273", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8969] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8969] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8970 attached => {parent_tid=[8970]}, 88) = 8970 [pid 5833] openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] umount2("./273", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8970] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8969] rt_sigprocmask(SIG_SETMASK, [], [pid 8970] <... rseq resumed>) = 0 [pid 8969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8970] set_robust_list(0x7f300ac489a0, 24 [pid 8969] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8970] <... set_robust_list resumed>) = 0 [pid 8969] <... futex resumed>) = 0 [pid 8970] rt_sigprocmask(SIG_SETMASK, [], [pid 8969] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8970] memfd_create("syzkaller", 0 [pid 8963] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8970] <... memfd_create resumed>) = 3 [pid 8963] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5833] newfstatat(3, "", [pid 5831] openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8962] <... futex resumed>) = ? [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8963] +++ killed by SIGSEGV +++ [pid 5833] getdents64(3, [pid 5831] newfstatat(3, "", [pid 8970] <... mmap resumed>) = 0x7f3002800000 [pid 8962] +++ killed by SIGSEGV +++ [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 5 entries */, 32768) = 144 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8962, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5833] umount2("./273/devices.list", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 8967] <... mount resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8967] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] newfstatat(AT_FDCWD, "./273/devices.list", [pid 5831] umount2("./273/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8967] <... openat resumed>) = 3 [pid 5833] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8967] chdir("./file1" [pid 8970] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8967] <... chdir resumed>) = 0 [pid 8967] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] unlink("./273/devices.list" [pid 8970] <... write resumed>) = 131072 [pid 8967] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... unlink resumed>) = 0 [ 234.190788][ T8967] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 234.213728][ T8963] exFAT-fs (loop4): Filesystem has been set read-only [pid 8967] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] umount2("./270", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8970] munmap(0x7f3002800000, 138412032 [pid 8967] <... futex resumed>) = 1 [pid 8964] <... futex resumed>) = 0 [pid 5833] umount2("./273/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8967] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8964] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] umount2("./273/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8964] <... futex resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./273/binderfs", [pid 8964] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... openat resumed>) = 3 [pid 8967] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(3, "", [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8970] <... munmap resumed>) = 0 [pid 5834] getdents64(3, [pid 5831] newfstatat(AT_FDCWD, "./273/file1", [pid 8970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8970] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8967] <... openat resumed>) = 4 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] unlink("./273/binderfs" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8970] close(3 [pid 8967] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] umount2("./270/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8970] <... close resumed>) = 0 [pid 5831] umount2("./273/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8970] close(4 [pid 8967] <... futex resumed>) = 1 [pid 8964] <... futex resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8967] mkdir("./file2", 0777 [pid 8964] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] openat(AT_FDCWD, "./273/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... unlink resumed>) = 0 [pid 8970] <... close resumed>) = 0 [pid 8964] <... futex resumed>) = 0 [pid 5833] umount2("./273/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 4 [pid 8970] mkdir("./file1", 0777 [pid 8967] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8964] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... umount2 resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(4, "", [pid 8970] <... mkdir resumed>) = 0 [pid 8967] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5834] umount2("./270/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] newfstatat(AT_FDCWD, "./273/file2", [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8970] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8964] <... futex resumed>) = ? [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] getdents64(4, [pid 8967] +++ killed by SIGSEGV +++ [pid 8964] +++ killed by SIGSEGV +++ [pid 5834] newfstatat(AT_FDCWD, "./270/file1", [pid 5833] umount2("./273/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(4, [pid 5834] umount2("./270/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] openat(AT_FDCWD, "./273/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8964, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... openat resumed>) = 4 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5831] close(4 [pid 5834] openat(AT_FDCWD, "./270/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] newfstatat(4, "", [pid 5831] <... close resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] newfstatat(4, "", [pid 5833] getdents64(4, [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [ 234.282632][ T8970] loop0: detected capacity change from 0 to 256 [ 234.298520][ T8967] exFAT-fs (loop2): error, data size is invalid(9000) [ 234.306983][ T8967] exFAT-fs (loop2): Filesystem has been set read-only [pid 5834] getdents64(4, [pid 5833] getdents64(4, [pid 5832] <... restart_syscall resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] getdents64(4, [pid 5833] close(4 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] <... close resumed>) = 0 [pid 5832] umount2("./266", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] close(4 [pid 5833] rmdir("./273/file2" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] <... close resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] rmdir("./270/file1" [pid 5833] getdents64(3, [pid 5832] <... openat resumed>) = 3 [pid 5834] <... rmdir resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] newfstatat(3, "", [pid 5834] umount2("./270/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] close(3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... close resumed>) = 0 [pid 5832] getdents64(3, [pid 5834] newfstatat(AT_FDCWD, "./270/binderfs", [pid 5833] rmdir("./273" [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5832] umount2("./266/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] unlink("./270/binderfs" [pid 5833] mkdir("./274", 0777 [pid 5834] <... unlink resumed>) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./266/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./266/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./266/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] getdents64(3, [pid 5832] openat(AT_FDCWD, "./266/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5834] close(3 [pid 5832] newfstatat(4, "", [pid 5834] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] rmdir("./270" [pid 5832] getdents64(4, [pid 5834] <... rmdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] getdents64(4, [pid 5833] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] mkdir("./271", 0777 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5832] close(4 [pid 5831] rmdir("./273/file1" [pid 5834] <... mkdir resumed>) = 0 [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5832] <... close resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5833] close(3 [pid 5832] rmdir("./266/file1" [pid 5833] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] umount2("./273/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./273/binderfs", [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] umount2("./266/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8971 attached [pid 8970] <... mount resumed>) = 0 [pid 5831] unlink("./273/binderfs") = 0 [pid 8971] set_robust_list(0x55556b85b6a0, 24 [pid 8970] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5832] newfstatat(AT_FDCWD, "./266/binderfs", [pid 8971] <... set_robust_list resumed>) = 0 [ 234.335992][ T8970] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5831] getdents64(3, [pid 8971] chdir("./274") = 0 [pid 8970] <... openat resumed>) = 3 [pid 5834] <... ioctl resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8971 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8971] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8970] chdir("./file1" [pid 5834] close(3 [pid 5832] unlink("./266/binderfs" [pid 5831] close(3 [pid 8971] <... prctl resumed>) = 0 [pid 8970] <... chdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8971] setpgid(0, 0 [pid 8970] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... unlink resumed>) = 0 [pid 5831] rmdir("./273" [pid 8971] <... setpgid resumed>) = 0 [pid 8970] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] getdents64(3, [pid 5831] <... rmdir resumed>) = 0 [pid 8971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8970] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] mkdir("./274", 0777 [pid 8970] <... futex resumed>) = 1 [pid 8970] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8969] <... futex resumed>) = 0 [pid 5832] close(3 [pid 5831] <... mkdir resumed>) = 0 [pid 8971] <... openat resumed>) = 3 [pid 8971] write(3, "1000", 4) = 4 [pid 8971] close(3) = 0 [pid 8971] symlink("/dev/binderfs", "./binderfs" [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8971] <... symlink resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 8971] write(1, "executing program\n", 18 [pid 8969] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... close resumed>) = 0 [pid 5832] <... close resumed>) = 0 executing program [pid 8970] <... futex resumed>) = 0 [pid 8969] <... futex resumed>) = 1 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] rmdir("./266" [pid 8971] <... write resumed>) = 18 [pid 8970] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8969] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... ioctl resumed>) = 0 [pid 8971] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] close(3./strace-static-x86_64: Process 8972 attached [pid 8971] <... futex resumed>) = 0 [pid 8970] <... openat resumed>) = 4 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 8972] set_robust_list(0x55556b85b6a0, 24 [pid 8970] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8972 [pid 5832] mkdir("./267", 0777 [pid 8972] <... set_robust_list resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 8972] chdir("./271" [pid 8971] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8970] <... futex resumed>) = 1 [pid 8971] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8969] <... futex resumed>) = 0 [pid 8969] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8971] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8972] <... chdir resumed>) = 0 [pid 8971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8969] <... futex resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8972] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8970] mkdir("./file2", 0777 [pid 8969] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... openat resumed>) = 3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8972] <... prctl resumed>) = 0 [pid 8971] <... mmap resumed>) = 0x7f300ac28000 [pid 8972] setpgid(0, 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8972] <... setpgid resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 8972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] close(3) = 0 [pid 8972] <... openat resumed>) = 3 [pid 8972] write(3, "1000", 4) = 4 [pid 8972] close(3) = 0 [pid 8972] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8972] write(1, "executing program\n", 18executing program ) = 18 [pid 8972] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8971] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8972] <... futex resumed>) = 0 [pid 8972] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8971] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 8974 attached [pid 8972] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8972] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8974] set_robust_list(0x55556b85b6a0, 24 [pid 8972] <... mmap resumed>) = 0x7f300ac28000 [pid 8974] <... set_robust_list resumed>) = 0 [pid 8972] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8974] chdir("./267" [pid 8972] <... mprotect resumed>) = 0 [pid 8974] <... chdir resumed>) = 0 [pid 8972] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8974 [pid 8974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8974] setpgid(0, 0 [pid 8972] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8974] <... setpgid resumed>) = 0 [pid 8972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8975 attached [pid 8974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8971] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 8973 attached [pid 8975] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8975] set_robust_list(0x7f300ac489a0, 24 [pid 8974] <... openat resumed>) = 3 [pid 8972] <... clone3 resumed> => {parent_tid=[8975]}, 88) = 8975 [pid 8975] <... set_robust_list resumed>) = 0 [pid 8975] rt_sigprocmask(SIG_SETMASK, [], [pid 8972] rt_sigprocmask(SIG_SETMASK, [], [pid 8975] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8975] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8974] write(3, "1000", 4 [pid 8972] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8974] <... write resumed>) = 4 [pid 8975] memfd_create("syzkaller", 0 [pid 8973] set_robust_list(0x55556b85b6a0, 24 [pid 8972] <... futex resumed>) = 0 [pid 8971] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8973 [pid 8971] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8973] <... set_robust_list resumed>) = 0 [pid 8975] <... memfd_create resumed>) = 3 [pid 8974] close(3 [pid 8972] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8974] <... close resumed>) = 0 [pid 8975] <... mmap resumed>) = 0x7f3002800000 [pid 8974] symlink("/dev/binderfs", "./binderfs" [pid 8975] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8974] <... symlink resumed>) = 0 executing program [pid 8974] write(1, "executing program\n", 18) = 18 ./strace-static-x86_64: Process 8976 attached [pid 8974] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8973] chdir("./274" [pid 8974] <... futex resumed>) = 0 [pid 8974] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8976] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8975] <... write resumed>) = 131072 [pid 8974] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8976] <... rseq resumed>) = 0 [pid 8976] set_robust_list(0x7f300ac489a0, 24 [pid 8974] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8976] <... set_robust_list resumed>) = 0 [pid 8974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8976] rt_sigprocmask(SIG_SETMASK, [], [pid 8974] <... mmap resumed>) = 0x7f300ac28000 [pid 8976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8974] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8976] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8974] <... mprotect resumed>) = 0 [pid 8974] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8977 attached [pid 8975] munmap(0x7f3002800000, 138412032 [pid 8973] <... chdir resumed>) = 0 [pid 8971] <... clone3 resumed> => {parent_tid=[8976]}, 88) = 8976 [pid 8971] rt_sigprocmask(SIG_SETMASK, [], [pid 8973] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8977] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8975] <... munmap resumed>) = 0 [pid 8973] <... prctl resumed>) = 0 [pid 8971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8977] <... rseq resumed>) = 0 [pid 8977] set_robust_list(0x7f300ac489a0, 24 [pid 8975] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8974] <... clone3 resumed> => {parent_tid=[8977]}, 88) = 8977 [pid 8973] setpgid(0, 0 [pid 8971] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8977] <... set_robust_list resumed>) = 0 [pid 8976] <... futex resumed>) = 0 [pid 8975] <... openat resumed>) = 4 [pid 8974] rt_sigprocmask(SIG_SETMASK, [], [pid 8973] <... setpgid resumed>) = 0 [pid 8971] <... futex resumed>) = 1 [pid 8977] rt_sigprocmask(SIG_SETMASK, [], [pid 8976] memfd_create("syzkaller", 0 [pid 8977] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8976] <... memfd_create resumed>) = 3 [pid 8975] ioctl(4, LOOP_SET_FD, 3 [pid 8974] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8977] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8971] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8973] <... openat resumed>) = 3 [pid 8970] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8969] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8973] write(3, "1000", 4 [pid 8970] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8969] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8973] <... write resumed>) = 4 [pid 8973] close(3 [pid 8969] <... futex resumed>) = ? [pid 8973] <... close resumed>) = 0 [pid 8976] <... mmap resumed>) = 0x7f3002800000 [pid 8974] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8977] <... futex resumed>) = 0 [pid 8974] <... futex resumed>) = 1 [pid 8977] memfd_create("syzkaller", 0 [pid 8976] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8974] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8973] symlink("/dev/binderfs", "./binderfs" [pid 8970] +++ killed by SIGSEGV +++ [pid 8969] +++ killed by SIGSEGV +++ [pid 8977] <... memfd_create resumed>) = 3 [pid 8973] <... symlink resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8969, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- executing program [pid 8977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8976] <... write resumed>) = 131072 [pid 8973] write(1, "executing program\n", 18 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8973] <... write resumed>) = 18 [pid 8977] <... mmap resumed>) = 0x7f3002800000 [pid 8973] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8977] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8973] <... futex resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 8976] munmap(0x7f3002800000, 138412032 [pid 8973] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8977] <... write resumed>) = 131072 [pid 8976] <... munmap resumed>) = 0 [pid 8973] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5830] umount2("./270", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8976] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... openat resumed>) = 3 [pid 8976] <... openat resumed>) = 4 [ 234.432618][ T8970] exFAT-fs (loop0): error, data size is invalid(9000) [ 234.459658][ T8970] exFAT-fs (loop0): Filesystem has been set read-only [ 234.474933][ T8975] loop4: detected capacity change from 0 to 256 [pid 5830] newfstatat(3, "", [pid 8976] ioctl(4, LOOP_SET_FD, 3 [pid 8973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8976] <... ioctl resumed>) = 0 [pid 8973] <... mmap resumed>) = 0x7f300ac28000 [pid 5830] getdents64(3, [pid 8975] <... ioctl resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./270/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8977] munmap(0x7f3002800000, 138412032 [pid 8976] close(3 [pid 8975] close(3 [pid 8977] <... munmap resumed>) = 0 [pid 8976] <... close resumed>) = 0 [pid 8975] <... close resumed>) = 0 [pid 8976] close(4 [pid 8975] close(4 [pid 8976] <... close resumed>) = 0 [pid 8976] mkdir("./file1", 0777) = 0 [pid 8975] <... close resumed>) = 0 [pid 8977] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8976] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8975] mkdir("./file1", 0777 [pid 8973] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8977] <... openat resumed>) = 4 [pid 8975] <... mkdir resumed>) = 0 [pid 8977] ioctl(4, LOOP_SET_FD, 3 [pid 8975] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8973] <... mprotect resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 8977] <... ioctl resumed>) = 0 [pid 8973] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8977] close(3 [pid 5830] umount2("./270/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8977] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8977] close(4 [pid 5830] newfstatat(AT_FDCWD, "./270/file1", ./strace-static-x86_64: Process 8978 attached [pid 8977] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8977] mkdir("./file1", 0777 [pid 5830] umount2("./270/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8978] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8977] <... mkdir resumed>) = 0 [pid 8973] <... clone3 resumed> => {parent_tid=[8978]}, 88) = 8978 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./270/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8977] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./270/file1") = 0 [ 234.500175][ T8976] loop3: detected capacity change from 0 to 256 [ 234.519261][ T8977] loop2: detected capacity change from 0 to 256 [pid 8978] <... rseq resumed>) = 0 [pid 8973] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] umount2("./270/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8978] set_robust_list(0x7f300ac489a0, 24 [pid 8973] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] unlink("./270/binderfs" [pid 8978] <... set_robust_list resumed>) = 0 [pid 8973] <... futex resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5830] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8978] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] close(3 [pid 8978] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... close resumed>) = 0 [pid 8978] memfd_create("syzkaller", 0 [pid 5830] rmdir("./270") = 0 [pid 5830] mkdir("./271", 0777) = 0 [pid 8978] <... memfd_create resumed>) = 3 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... openat resumed>) = 3 [pid 8978] <... mmap resumed>) = 0x7f3002800000 [pid 8978] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8973] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [pid 8978] <... write resumed>) = 131072 [pid 5830] <... close resumed>) = 0 [pid 8978] munmap(0x7f3002800000, 138412032 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8978] <... munmap resumed>) = 0 [pid 8978] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8978] ioctl(4, LOOP_SET_FD, 3) = 0 ./strace-static-x86_64: Process 8979 attached [pid 8978] close(3 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8979 [pid 8978] <... close resumed>) = 0 [pid 8979] set_robust_list(0x55556b85b6a0, 24 [pid 8978] close(4 [pid 8979] <... set_robust_list resumed>) = 0 [pid 8978] <... close resumed>) = 0 [pid 8979] chdir("./271" [pid 8978] mkdir("./file1", 0777 [pid 8979] <... chdir resumed>) = 0 [pid 8978] <... mkdir resumed>) = 0 [pid 8979] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8978] mount("/dev/loop1", "./file1", "exfat", 0, "" [pid 8979] <... prctl resumed>) = 0 [pid 8979] setpgid(0, 0) = 0 [pid 8979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8979] write(3, "1000", 4) = 4 [pid 8979] close(3) = 0 [pid 8979] symlink("/dev/binderfs", "./binderfs" [pid 8976] <... mount resumed>) = 0 [pid 8976] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORYexecuting program [pid 8979] <... symlink resumed>) = 0 [pid 8979] write(1, "executing program\n", 18) = 18 [pid 8979] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8979] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [ 234.572976][ T8976] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 234.590971][ T8978] loop1: detected capacity change from 0 to 256 [ 234.603853][ T8975] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8979] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8976] <... openat resumed>) = 3 [pid 8979] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8976] chdir("./file1") = 0 [pid 8976] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8979] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8976] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8979] <... mmap resumed>) = 0x7f300ac28000 [pid 8976] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8979] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8976] <... futex resumed>) = 1 [pid 8971] <... futex resumed>) = 0 [pid 8979] <... mprotect resumed>) = 0 [pid 8971] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8979] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8977] <... mount resumed>) = 0 [pid 8976] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8975] <... mount resumed>) = 0 [pid 8971] <... futex resumed>) = 0 [pid 8979] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8977] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8976] <... openat resumed>) = 4 [pid 8975] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8971] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8979] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8977] <... openat resumed>) = 3 [pid 8975] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8980 attached [pid 8977] chdir("./file1" [pid 8976] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8975] chdir("./file1" [pid 8980] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8976] <... futex resumed>) = 1 [pid 8971] <... futex resumed>) = 0 [pid 8977] <... chdir resumed>) = 0 [pid 8980] <... rseq resumed>) = 0 [pid 8975] <... chdir resumed>) = 0 [pid 8971] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8979] <... clone3 resumed> => {parent_tid=[8980]}, 88) = 8980 [pid 8971] <... futex resumed>) = 0 [pid 8971] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8979] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8979] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8979] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8976] mkdir("./file2", 0777 [pid 8977] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8975] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [ 234.648422][ T8977] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 234.675843][ T8978] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8978] <... mount resumed>) = 0 [pid 8980] set_robust_list(0x7f300ac489a0, 24 [pid 8977] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8975] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8977] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8980] <... set_robust_list resumed>) = 0 [pid 8978] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8977] <... futex resumed>) = 1 [pid 8975] <... futex resumed>) = 1 [pid 8974] <... futex resumed>) = 0 [pid 8972] <... futex resumed>) = 0 [pid 8980] rt_sigprocmask(SIG_SETMASK, [], [pid 8978] <... openat resumed>) = 3 [pid 8977] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8975] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8974] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8974] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8977] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8980] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8978] chdir("./file1" [pid 8972] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8980] memfd_create("syzkaller", 0 [pid 8978] <... chdir resumed>) = 0 [pid 8975] <... futex resumed>) = 0 [pid 8972] <... futex resumed>) = 1 [pid 8978] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8972] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8978] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8978] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8980] <... memfd_create resumed>) = 3 [pid 8978] <... futex resumed>) = 1 [pid 8975] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8973] <... futex resumed>) = 0 [pid 8978] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8973] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8980] <... mmap resumed>) = 0x7f3002800000 [pid 8978] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8977] <... openat resumed>) = 4 [pid 8973] <... futex resumed>) = 0 [pid 8977] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8975] <... openat resumed>) = 4 [pid 8978] <... openat resumed>) = 4 [pid 8975] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8973] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8977] <... futex resumed>) = 1 [pid 8975] <... futex resumed>) = 1 [pid 8974] <... futex resumed>) = 0 [pid 8977] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8972] <... futex resumed>) = 0 [pid 8972] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8980] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8978] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8972] <... futex resumed>) = 0 [pid 8980] <... write resumed>) = 131072 [pid 8978] <... futex resumed>) = 1 [pid 8973] <... futex resumed>) = 0 [pid 8972] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8973] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8973] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8978] mkdir("./file2", 0777) = -1 EIO (Input/output error) [pid 8978] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8973] <... futex resumed>) = ? [pid 8978] +++ killed by SIGSEGV +++ [pid 8980] munmap(0x7f3002800000, 138412032) = 0 [ 234.707353][ T8976] exFAT-fs (loop3): error, data size is invalid(9000) [ 234.734921][ T8976] exFAT-fs (loop3): Filesystem has been set read-only [ 234.741784][ T8978] exFAT-fs (loop1): error, data size is invalid(9000) [ 234.741805][ T8978] exFAT-fs (loop1): Filesystem has been set read-only [pid 8980] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8980] ioctl(4, LOOP_SET_FD, 3 [pid 8977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8975] mkdir("./file2", 0777 [pid 8974] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8971] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8973] +++ killed by SIGSEGV +++ [pid 8977] mkdir("./file2", 0777 [pid 8971] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8971] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8971] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8971] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8981 attached => {parent_tid=[8981]}, 88) = 8981 [pid 8981] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8971] rt_sigprocmask(SIG_SETMASK, [], [pid 8981] <... rseq resumed>) = 0 [pid 8971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8981] set_robust_list(0x7f300ac279a0, 24 [pid 8971] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8981] <... set_robust_list resumed>) = 0 [pid 8974] <... futex resumed>) = 0 [pid 8971] <... futex resumed>) = 0 [pid 8981] rt_sigprocmask(SIG_SETMASK, [], [pid 8971] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8981] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8974] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8981] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080) = 0 [pid 8981] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8971] <... futex resumed>) = 0 [pid 8981] futex(0x7f300ad1d6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8980] <... ioctl resumed>) = 0 [pid 8980] close(3) = 0 [pid 8980] close(4) = 0 [pid 8972] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8972] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac07000 [pid 8972] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8973, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 8980] mkdir("./file1", 0777) = 0 [pid 8980] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8972] <... mprotect resumed>) = 0 [pid 8972] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 234.753106][ T8980] loop0: detected capacity change from 0 to 256 [ 234.769070][ T8977] exFAT-fs (loop2): error, data size is invalid(9000) [ 234.769334][ T8975] exFAT-fs (loop4): error, data size is invalid(9000) [ 234.792250][ T8977] exFAT-fs (loop2): Filesystem has been set read-only [pid 8972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0}./strace-static-x86_64: Process 8982 attached => {parent_tid=[8982]}, 88) = 8982 [pid 8972] rt_sigprocmask(SIG_SETMASK, [], [pid 8982] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053) = 0 [pid 8972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] umount2("./274", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8972] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8972] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8982] set_robust_list(0x7f300ac279a0, 24 [pid 8976] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8982] <... set_robust_list resumed>) = 0 [pid 8976] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5831] openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8975] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8982] rt_sigprocmask(SIG_SETMASK, [], [pid 8981] <... futex resumed>) = ? [pid 8982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8981] +++ killed by SIGSEGV +++ [pid 8976] +++ killed by SIGSEGV +++ [pid 8975] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8974] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8971] +++ killed by SIGSEGV +++ [pid 5831] <... openat resumed>) = 3 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8971, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 8977] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8974] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8972] <... futex resumed>) = ? [pid 5831] newfstatat(3, "", [pid 8982] +++ killed by SIGSEGV +++ [pid 8975] +++ killed by SIGSEGV +++ [pid 8974] <... futex resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] getdents64(3, [pid 8974] <... mmap resumed>) = 0x7f300ac07000 [pid 8972] +++ killed by SIGSEGV +++ [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8974] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5831] umount2("./274/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8974] <... mprotect resumed>) = 0 [pid 5833] umount2("./274", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8974] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8972, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8974] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 5833] openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 8983 attached ) = 3 [pid 8977] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, [pid 8974] <... clone3 resumed> ) = ? [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5831] <... umount2 resumed>) = 0 [pid 8983] +++ killed by SIGSEGV +++ [pid 8977] +++ killed by SIGSEGV +++ [pid 8974] +++ killed by SIGSEGV +++ [pid 5833] umount2("./274/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./274/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8974, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] newfstatat(AT_FDCWD, "./274/file1", [pid 5834] <... restart_syscall resumed>) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./274/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] umount2("./274/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] umount2("./271", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] newfstatat(AT_FDCWD, "./274/file1", [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./267", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] umount2("./274/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] <... openat resumed>) = 3 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "./274/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] newfstatat(3, "", [pid 5833] openat(AT_FDCWD, "./274/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 4 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] <... openat resumed>) = 4 [pid 5832] newfstatat(3, "", [pid 5834] getdents64(3, [pid 5833] newfstatat(4, "", [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5834] umount2("./271/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] getdents64(4, [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] umount2("./267/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(4, "", [pid 5833] getdents64(4, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] getdents64(4, [pid 5833] close(4 [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] <... close resumed>) = 0 [pid 5831] getdents64(4, 0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5833] rmdir("./274/file1" [pid 5831] close(4 [pid 5833] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5833] umount2("./274/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./274/file1" [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... rmdir resumed>) = 0 [ 234.820025][ T8975] exFAT-fs (loop4): Filesystem has been set read-only [ 234.842515][ T8980] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5833] unlink("./274/binderfs") = 0 [pid 5831] umount2("./274/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] getdents64(3, [pid 8980] <... mount resumed>) = 0 [pid 8980] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5832] <... umount2 resumed>) = 0 [pid 8980] chdir("./file1" [pid 5834] <... umount2 resumed>) = 0 [pid 8980] <... chdir resumed>) = 0 [pid 8980] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 8980] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8979] <... futex resumed>) = 0 [pid 8980] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8979] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8980] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8979] <... futex resumed>) = 0 [pid 8980] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8979] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] umount2("./271/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./267/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./274/binderfs", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8980] <... openat resumed>) = 4 [pid 8980] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8979] <... futex resumed>) = 0 [pid 8980] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8979] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] newfstatat(AT_FDCWD, "./271/file1", [pid 5832] newfstatat(AT_FDCWD, "./267/file1", [pid 5831] unlink("./274/binderfs" [pid 8980] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8979] <... futex resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8980] mkdir("./file2", 0777 [pid 8979] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] umount2("./271/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5832] umount2("./267/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... unlink resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./271/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(3, [pid 5833] close(3 [pid 5834] <... openat resumed>) = 4 [pid 5832] openat(AT_FDCWD, "./267/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5833] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5831] close(3 [pid 5834] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] rmdir("./274" [pid 5831] <... close resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5831] rmdir("./274" [pid 5833] mkdir("./275", 0777 [pid 5834] getdents64(4, [pid 5833] <... mkdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5833] <... openat resumed>) = 3 [pid 5831] mkdir("./275", 0777 [pid 5832] newfstatat(4, "", [pid 5834] getdents64(4, [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5831] <... mkdir resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] close(4 [pid 5832] getdents64(4, [pid 5833] <... ioctl resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5834] <... close resumed>) = 0 [pid 5833] close(3 [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] rmdir("./271/file1" [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5832] getdents64(4, [pid 5834] <... rmdir resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5834] umount2("./271/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... ioctl resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5834] newfstatat(AT_FDCWD, "./271/binderfs", [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8984 attached [pid 8980] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8984] set_robust_list(0x55556b85b6a0, 24 [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8984 [pid 5832] close(4 [pid 5831] <... close resumed>) = 0 [pid 8984] <... set_robust_list resumed>) = 0 [pid 8984] chdir("./275") = 0 [pid 8984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8984] setpgid(0, 0) = 0 [pid 8984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8984] write(3, "1000", 4 [pid 8980] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8984] <... write resumed>) = 4 [pid 8979] <... futex resumed>) = ? [pid 8984] close(3 [pid 8980] +++ killed by SIGSEGV +++ [pid 8979] +++ killed by SIGSEGV +++ [pid 8984] <... close resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8979, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 8984] symlink("/dev/binderfs", "./binderfs" [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8984] <... symlink resumed>) = 0 executing program [pid 8984] write(1, "executing program\n", 18) = 18 [pid 5834] unlink("./271/binderfs" [pid 5832] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8984] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... unlink resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 8984] <... futex resumed>) = 0 [pid 5834] getdents64(3, [pid 5832] rmdir("./267/file1"./strace-static-x86_64: Process 8985 attached [pid 8984] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8984] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] close(3 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8985 [pid 5830] umount2("./271", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8985] set_robust_list(0x55556b85b6a0, 24 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] <... close resumed>) = 0 [pid 5832] umount2("./267/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8985] <... set_robust_list resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] rmdir("./271" [pid 5832] newfstatat(AT_FDCWD, "./267/binderfs", [pid 8985] chdir("./275" [pid 8984] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5834] <... rmdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... openat resumed>) = 3 [pid 8985] <... chdir resumed>) = 0 [pid 8984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] mkdir("./272", 0777 [pid 5832] unlink("./267/binderfs" [pid 8985] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] newfstatat(3, "", [pid 8985] <... prctl resumed>) = 0 [pid 8984] <... mmap resumed>) = 0x7f300ac28000 [pid 5832] <... unlink resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8985] setpgid(0, 0 [pid 8984] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5830] getdents64(3, [pid 8985] <... setpgid resumed>) = 0 [pid 8984] <... mprotect resumed>) = 0 [pid 5834] <... mkdir resumed>) = 0 [pid 5832] getdents64(3, [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8984] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] umount2("./271/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(3 [pid 8985] write(3, "1000", 4 [pid 8984] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 8985] <... write resumed>) = 4 [pid 8984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 5832] rmdir("./267"./strace-static-x86_64: Process 8986 attached [pid 8985] close(3 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8986] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8985] <... close resumed>) = 0 [pid 8984] <... clone3 resumed> => {parent_tid=[8986]}, 88) = 8986 [pid 8986] <... rseq resumed>) = 0 [ 234.923774][ T8980] exFAT-fs (loop0): error, data size is invalid(9000) [ 234.950136][ T8980] exFAT-fs (loop0): Filesystem has been set read-only [pid 8985] symlink("/dev/binderfs", "./binderfs" [pid 8984] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... ioctl resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 8986] set_robust_list(0x7f300ac489a0, 24 [pid 8985] <... symlink resumed>) = 0 [pid 8984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] close(3executing program [pid 8986] <... set_robust_list resumed>) = 0 [pid 8985] write(1, "executing program\n", 18 [pid 8984] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8986] rt_sigprocmask(SIG_SETMASK, [], [pid 8985] <... write resumed>) = 18 [pid 8984] <... futex resumed>) = 0 [pid 8986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8985] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8984] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8986] memfd_create("syzkaller", 0 [pid 8985] <... futex resumed>) = 0 [pid 8985] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8985] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8986] <... memfd_create resumed>) = 3 [pid 8985] <... mmap resumed>) = 0x7f300ac28000 [pid 8986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8985] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5832] mkdir("./268", 0777 [pid 5830] umount2("./271/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8985] <... mprotect resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8986] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./271/file1", [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8986] <... write resumed>) = 131072 [pid 5832] <... openat resumed>) = 3 [pid 5830] umount2("./271/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8985] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8985] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8987 attached [pid 8986] munmap(0x7f3002800000, 138412032 [pid 5830] openat(AT_FDCWD, "./271/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8986] <... munmap resumed>) = 0 [pid 8985] <... clone3 resumed> => {parent_tid=[8987]}, 88) = 8987 [pid 8985] rt_sigprocmask(SIG_SETMASK, [], [pid 8987] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8987] <... rseq resumed>) = 0 [pid 8985] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8987] set_robust_list(0x7f300ac489a0, 24 [pid 8985] <... futex resumed>) = 0 [pid 8987] <... set_robust_list resumed>) = 0 [pid 8985] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] <... close resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 8987] rt_sigprocmask(SIG_SETMASK, [], [pid 8986] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] close(3 [pid 8987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] newfstatat(4, "", [pid 8987] memfd_create("syzkaller", 0 [pid 8986] <... openat resumed>) = 4 [pid 5832] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8986] ioctl(4, LOOP_SET_FD, 3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] getdents64(4, [pid 8987] <... memfd_create resumed>) = 3 [pid 8987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 ./strace-static-x86_64: Process 8988 attached [pid 8987] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 8988 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 8989 attached [pid 5830] getdents64(4, [pid 8989] set_robust_list(0x55556b85b6a0, 24 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8988] set_robust_list(0x55556b85b6a0, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8989 [pid 5830] close(4) = 0 [pid 5830] rmdir("./271/file1" [pid 8989] <... set_robust_list resumed>) = 0 [pid 8987] <... write resumed>) = 131072 [pid 5830] <... rmdir resumed>) = 0 [pid 8989] chdir("./268") = 0 [pid 8988] <... set_robust_list resumed>) = 0 [pid 5830] umount2("./271/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8989] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8987] munmap(0x7f3002800000, 138412032 [pid 8989] <... prctl resumed>) = 0 [pid 8987] <... munmap resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8989] setpgid(0, 0 [pid 8988] chdir("./272" [pid 8987] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] newfstatat(AT_FDCWD, "./271/binderfs", [pid 8989] <... setpgid resumed>) = 0 [pid 8987] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./271/binderfs" [pid 8988] <... chdir resumed>) = 0 [pid 8989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8988] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8987] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... unlink resumed>) = 0 [pid 8988] <... prctl resumed>) = 0 [pid 5830] getdents64(3, [pid 8989] <... openat resumed>) = 3 [pid 8988] setpgid(0, 0 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8989] write(3, "1000", 4) = 4 [pid 8989] close(3) = 0 [pid 8989] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] close(3) = 0 executing program [pid 8989] write(1, "executing program\n", 18 [pid 8986] <... ioctl resumed>) = 0 [pid 8989] <... write resumed>) = 18 [pid 8986] close(3 [pid 8989] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8986] <... close resumed>) = 0 [pid 8989] <... futex resumed>) = 0 [pid 8986] close(4 [pid 8989] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8989] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8989] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8986] <... close resumed>) = 0 [pid 5830] rmdir("./271" [pid 8989] <... mprotect resumed>) = 0 [pid 8986] mkdir("./file1", 0777 [pid 8989] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8986] <... mkdir resumed>) = 0 [pid 8989] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8986] mount("/dev/loop3", "./file1", "exfat", 0, "" [pid 8989] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8990 attached => {parent_tid=[8990]}, 88) = 8990 [pid 8989] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... rmdir resumed>) = 0 [pid 8989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] mkdir("./272", 0777 [pid 8989] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8990] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8989] <... futex resumed>) = 0 [pid 8987] <... ioctl resumed>) = 0 [pid 8990] <... rseq resumed>) = 0 [pid 8989] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8990] set_robust_list(0x7f300ac489a0, 24 [pid 8987] close(3 [pid 5830] <... mkdir resumed>) = 0 [pid 8990] <... set_robust_list resumed>) = 0 [pid 8990] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8987] <... close resumed>) = 0 [pid 8990] memfd_create("syzkaller", 0 [pid 8987] close(4 [pid 8988] <... setpgid resumed>) = 0 [pid 8987] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8990] <... memfd_create resumed>) = 3 [pid 8988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8987] mkdir("./file1", 0777 [pid 5830] <... openat resumed>) = 3 [pid 8990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8987] <... mkdir resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 8990] <... mmap resumed>) = 0x7f3002800000 [pid 8990] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 8988] <... openat resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8987] mount("/dev/loop1", "./file1", "exfat", 0, ""./strace-static-x86_64: Process 8991 attached [pid 8991] set_robust_list(0x55556b85b6a0, 24 [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 8991 [pid 8988] write(3, "1000", 4) = 4 [pid 8991] <... set_robust_list resumed>) = 0 [pid 8988] close(3 [pid 8990] <... write resumed>) = 131072 [pid 8988] <... close resumed>) = 0 [ 235.039119][ T8986] loop3: detected capacity change from 0 to 256 [ 235.053773][ T8987] loop1: detected capacity change from 0 to 256 [pid 8988] symlink("/dev/binderfs", "./binderfs" [pid 8991] chdir("./272" [pid 8990] munmap(0x7f3002800000, 138412032executing program ) = 0 [pid 8991] <... chdir resumed>) = 0 [pid 8988] <... symlink resumed>) = 0 [pid 8991] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8988] write(1, "executing program\n", 18 [pid 8991] <... prctl resumed>) = 0 [pid 8988] <... write resumed>) = 18 [pid 8991] setpgid(0, 0 [pid 8988] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8991] <... setpgid resumed>) = 0 [pid 8988] <... futex resumed>) = 0 [pid 8988] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8990] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8988] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8990] <... openat resumed>) = 4 [pid 8988] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8991] <... openat resumed>) = 3 [pid 8988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8990] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 8988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8990] ioctl(4, LOOP_CLR_FD) = 0 [pid 8990] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 8990] close(4 [pid 8988] <... mmap resumed>) = 0x7f300ac28000 [pid 8988] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8991] write(3, "1000", 4) = 4 [pid 8988] <... mprotect resumed>) = 0 [pid 8991] close(3 [pid 8988] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8991] <... close resumed>) = 0 [pid 8988] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8991] symlink("/dev/binderfs", "./binderfs" [pid 8988] <... clone3 resumed> => {parent_tid=[8992]}, 88) = 8992 ./strace-static-x86_64: Process 8992 attached [pid 8990] <... close resumed>) = 0 [pid 8992] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053) = 0 [pid 8986] <... mount resumed>) = 0 [pid 8992] set_robust_list(0x7f300ac489a0, 24 [pid 8991] <... symlink resumed>) = 0 [pid 8990] close(3 [pid 8988] rt_sigprocmask(SIG_SETMASK, [], [pid 8992] <... set_robust_list resumed>) = 0 [pid 8991] write(1, "executing program\n", 18executing program [pid 8990] <... close resumed>) = 0 [pid 8988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8987] <... mount resumed>) = 0 [pid 8986] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8992] rt_sigprocmask(SIG_SETMASK, [], [pid 8988] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8991] <... write resumed>) = 18 [pid 8992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8988] <... futex resumed>) = 0 [pid 8986] <... openat resumed>) = 3 [pid 8992] memfd_create("syzkaller", 0 [pid 8991] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8990] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8988] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8987] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8986] chdir("./file1" [pid 8991] <... futex resumed>) = 0 [pid 8990] <... futex resumed>) = 1 [pid 8989] <... futex resumed>) = 0 [pid 8987] <... openat resumed>) = 3 [pid 8992] <... memfd_create resumed>) = 3 [pid 8991] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 8990] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8989] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8986] <... chdir resumed>) = 0 [pid 8992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8991] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8990] <... openat resumed>) = 3 [pid 8989] <... futex resumed>) = 0 [pid 8987] chdir("./file1" [pid 8992] <... mmap resumed>) = 0x7f3002800000 [pid 8989] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8986] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8992] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8991] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8987] <... chdir resumed>) = 0 [pid 8986] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 235.108534][ T8986] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 235.136681][ T8987] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8990] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8987] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8986] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8990] <... futex resumed>) = 1 [pid 8989] <... futex resumed>) = 0 [pid 8987] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8986] <... futex resumed>) = 1 [pid 8984] <... futex resumed>) = 0 [pid 8991] <... mmap resumed>) = 0x7f300ac28000 [pid 8989] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8987] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8986] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8984] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8991] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 8990] mkdir("./file2", 0777 [pid 8989] <... futex resumed>) = 0 [pid 8987] <... futex resumed>) = 1 [pid 8986] <... openat resumed>) = 4 [pid 8985] <... futex resumed>) = 0 [pid 8984] <... futex resumed>) = 0 [pid 8992] <... write resumed>) = 131072 [pid 8991] <... mprotect resumed>) = 0 [pid 8990] <... mkdir resumed>) = 0 [pid 8989] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8987] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8985] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8984] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8991] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8986] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8985] <... futex resumed>) = 0 [pid 8984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8992] munmap(0x7f3002800000, 138412032 [pid 8991] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8990] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8987] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8986] <... futex resumed>) = 0 [pid 8985] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8984] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0}./strace-static-x86_64: Process 8993 attached [pid 8984] <... futex resumed>) = 0 [pid 8986] mkdir("./file2", 0777 [pid 8984] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8993] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8992] <... munmap resumed>) = 0 [pid 8991] <... clone3 resumed> => {parent_tid=[8993]}, 88) = 8993 [pid 8987] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8991] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8993] <... rseq resumed>) = 0 [pid 8992] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8991] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8993] set_robust_list(0x7f300ac489a0, 24) = 0 [pid 8993] rt_sigprocmask(SIG_SETMASK, [], [pid 8992] <... openat resumed>) = 4 [pid 8993] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8993] memfd_create("syzkaller", 0 [pid 8992] ioctl(4, LOOP_SET_FD, 3 [pid 8989] <... futex resumed>) = ? [pid 8993] <... memfd_create resumed>) = 3 [pid 8990] +++ killed by SIGSEGV +++ [pid 8993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8989] +++ killed by SIGSEGV +++ [pid 8993] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8989, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=0} --- [pid 8993] <... write resumed>) = 131072 [pid 8993] munmap(0x7f3002800000, 138412032 [pid 8992] <... ioctl resumed>) = 0 [pid 8987] <... openat resumed>) = 4 [pid 8986] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8985] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8984] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8992] close(3 [pid 8986] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8985] futex(0x7f300ad1d6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8984] ???( [pid 8985] <... futex resumed>) = 0 [pid 8992] <... close resumed>) = 0 [pid 8985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8984] <... ??? resumed>) = ? [pid 8992] close(4 [pid 8993] <... munmap resumed>) = 0 [pid 8992] <... close resumed>) = 0 [pid 8987] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8992] mkdir("./file1", 0777 [pid 5832] umount2("./268", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8993] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8992] <... mkdir resumed>) = 0 [pid 8987] <... futex resumed>) = 0 [pid 8986] +++ killed by SIGSEGV +++ [pid 8985] <... mmap resumed>) = 0x7f300ac07000 [pid 8984] +++ killed by SIGSEGV +++ [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8993] <... openat resumed>) = 4 [pid 8992] mount("/dev/loop4", "./file1", "exfat", 0, "" [pid 8987] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8985] mprotect(0x7f300ac08000, 131072, PROT_READ|PROT_WRITE [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8984, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5832] openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8993] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... openat resumed>) = 3 [pid 8985] <... mprotect resumed>) = 0 [ 235.219708][ T8986] exFAT-fs (loop3): error, data size is invalid(9000) [ 235.226525][ T8986] exFAT-fs (loop3): Filesystem has been set read-only [ 235.248078][ T8992] loop4: detected capacity change from 0 to 256 [pid 8985] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... restart_syscall resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 8985] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac27990, parent_tid=0x7f300ac27990, exit_signal=0, stack=0x7f300ac07000, stack_size=0x20300, tls=0x7f300ac276c0} [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] umount2("./275", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8994 attached [pid 8985] <... clone3 resumed> => {parent_tid=[8994]}, 88) = 8994 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, [pid 8985] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x55556b85c730 /* 5 entries */, 32768) = 144 [pid 8985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5832] umount2("./268/devices.list", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8994] rseq(0x7f300ac27fe0, 0x20, 0, 0x53053053 [pid 8985] futex(0x7f300ad1d6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(3, "", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8985] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8985] futex(0x7f300ad1d6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] getdents64(3, [pid 8994] <... rseq resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5832] newfstatat(AT_FDCWD, "./268/devices.list", [pid 5833] umount2("./275/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8994] set_robust_list(0x7f300ac279a0, 24 [pid 5832] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8994] <... set_robust_list resumed>) = 0 [pid 5832] unlink("./268/devices.list" [pid 8994] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... unlink resumed>) = 0 [pid 8994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] umount2("./268/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8994] mkdir("./file2", 0777 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./268/binderfs") = 0 [ 235.281735][ T8993] loop0: detected capacity change from 0 to 256 [ 235.306727][ T8994] exFAT-fs (loop1): error, data size is invalid(9000) [pid 5832] umount2("./268/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./268/file2", [pid 8993] <... ioctl resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8993] close(3 [pid 5832] umount2("./268/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8993] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8993] close(4 [pid 5833] <... umount2 resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./268/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] umount2("./275/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8993] <... close resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./275/file1", [pid 8993] mkdir("./file1", 0777 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] newfstatat(4, "", [pid 5833] umount2("./275/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8993] <... mkdir resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 235.320959][ T8992] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 5832] getdents64(4, [pid 8985] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] openat(AT_FDCWD, "./275/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8985] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8993] mount("/dev/loop0", "./file1", "exfat", 0, "" [pid 8987] <... futex resumed>) = 0 [pid 8985] <... futex resumed>) = 1 [pid 5833] <... openat resumed>) = 4 [pid 8985] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8987] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5832] getdents64(4, [pid 8994] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] newfstatat(4, "", [pid 5832] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8992] <... mount resumed>) = 0 [pid 8987] <... ioctl resumed>) = 0 [pid 5832] close(4 [pid 8987] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... close resumed>) = 0 [pid 8987] <... futex resumed>) = 1 [pid 8985] <... futex resumed>) = 0 [pid 5832] rmdir("./268/file2" [pid 8987] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... rmdir resumed>) = 0 [pid 5832] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8994] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5832] close(3 [pid 8992] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8987] <... futex resumed>) = ? [pid 8992] <... openat resumed>) = 3 [pid 8987] +++ killed by SIGSEGV +++ [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... close resumed>) = 0 [pid 8992] chdir("./file1" [pid 5833] getdents64(4, [pid 8992] <... chdir resumed>) = 0 [pid 5832] rmdir("./268" [pid 8992] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5832] <... rmdir resumed>) = 0 [pid 8993] <... mount resumed>) = 0 [pid 8992] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] getdents64(4, [pid 5832] mkdir("./269", 0777 [pid 8994] +++ killed by SIGSEGV +++ [pid 8993] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 8985] +++ killed by SIGSEGV +++ [pid 5833] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8993] <... openat resumed>) = 3 [pid 8992] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] close(4 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8985, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 8993] chdir("./file1" [pid 5833] <... close resumed>) = 0 [pid 8993] <... chdir resumed>) = 0 [pid 8992] <... futex resumed>) = 1 [pid 8988] <... futex resumed>) = 0 [pid 5833] rmdir("./275/file1" [pid 8993] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... mkdir resumed>) = 0 [ 235.361719][ T8994] exFAT-fs (loop1): Filesystem has been set read-only [ 235.379959][ T8993] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [pid 8993] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 8992] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8988] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... rmdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8993] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8988] <... futex resumed>) = 0 [pid 5833] umount2("./275/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 3 [pid 5831] umount2("./275", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8993] <... futex resumed>) = 1 [pid 8992] <... openat resumed>) = 4 [pid 8991] <... futex resumed>) = 0 [pid 8988] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8993] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8992] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8991] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(AT_FDCWD, "./275/binderfs", [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8992] <... futex resumed>) = 1 [pid 8991] <... futex resumed>) = 0 [pid 8988] <... futex resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8993] openat(AT_FDCWD, "devices.list", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 8992] mkdir("./file2", 0777 [pid 8991] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8988] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] close(3 [pid 8993] <... openat resumed>) = 4 [pid 8988] <... futex resumed>) = 0 [pid 5833] unlink("./275/binderfs" [pid 5832] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8993] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8988] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] newfstatat(3, "", ./strace-static-x86_64: Process 8995 attached [pid 8993] <... futex resumed>) = 1 [pid 8991] <... futex resumed>) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8995] set_robust_list(0x55556b85b6a0, 24 [pid 8993] futex(0x7f300ad1d6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8991] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... clone resumed>, child_tidptr=0x55556b85b690) = 8995 [pid 5831] getdents64(3, [pid 8995] <... set_robust_list resumed>) = 0 [pid 8993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8991] <... futex resumed>) = 0 [pid 5833] getdents64(3, [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8995] chdir("./269" [pid 8993] mkdir("./file2", 0777 [pid 8991] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5831] umount2("./275/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8995] <... chdir resumed>) = 0 [pid 8995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8995] setpgid(0, 0) = 0 [pid 8995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8995] write(3, "1000", 4) = 4 [pid 8995] close(3) = 0 [pid 8995] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5833] close(3 [pid 5831] <... umount2 resumed>) = 0 executing program [pid 8995] write(1, "executing program\n", 18 [pid 5831] umount2("./275/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8995] <... write resumed>) = 18 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8995] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] newfstatat(AT_FDCWD, "./275/file1", [pid 8995] <... futex resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8995] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, [pid 5831] umount2("./275/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8995] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./275/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8995] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... openat resumed>) = 4 [pid 8995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] newfstatat(4, "", [pid 8995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8993] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5833] rmdir("./275" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8993] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8995] <... mmap resumed>) = 0x7f300ac28000 [pid 5833] <... rmdir resumed>) = 0 [pid 8991] <... futex resumed>) = ? [pid 5831] getdents64(4, [pid 8995] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE [pid 5831] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 8995] <... mprotect resumed>) = 0 [pid 5831] getdents64(4, [pid 8995] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 8995] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] close(4 [pid 8995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8993] +++ killed by SIGSEGV +++ [pid 8991] +++ killed by SIGSEGV +++ [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./275/file1" [pid 8995] <... clone3 resumed> => {parent_tid=[8996]}, 88) = 8996 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8991, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 8995] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] umount2("./275/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... restart_syscall resumed>) = 0 [pid 8995] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] newfstatat(AT_FDCWD, "./275/binderfs", [pid 8995] <... futex resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 8996 attached [pid 8995] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] unlink("./275/binderfs") = 0 [pid 5830] umount2("./272", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5830] openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8996] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 5833] mkdir("./276", 0777 [pid 5831] close(3 [pid 5830] <... openat resumed>) = 3 [pid 8996] <... rseq resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 5831] rmdir("./275" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8996] set_robust_list(0x7f300ac489a0, 24 [pid 5833] <... mkdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] getdents64(3, [pid 8996] <... set_robust_list resumed>) = 0 [pid 5831] mkdir("./276", 0777 [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 8996] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] <... mkdir resumed>) = 0 [pid 5830] umount2("./272/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8996] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8992] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 8988] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... openat resumed>) = 3 [pid 5831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8996] memfd_create("syzkaller", 0 [pid 8992] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 8988] ???( [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8996] <... memfd_create resumed>) = 3 [pid 5833] <... ioctl resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 8996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8988] <... ??? resumed>) = ? [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... umount2 resumed>) = 0 [pid 8996] <... mmap resumed>) = 0x7f3002800000 [pid 5833] close(3 [pid 8996] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 8992] +++ killed by SIGSEGV +++ [pid 8988] +++ killed by SIGSEGV +++ [pid 5831] <... ioctl resumed>) = 0 [pid 5830] umount2("./272/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8988, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] restart_syscall(<... resuming interrupted clone ...> [pid 5830] newfstatat(AT_FDCWD, "./272/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8996] <... write resumed>) = 131072 [pid 5830] umount2("./272/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8996] munmap(0x7f3002800000, 138412032 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8996] <... munmap resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./272/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] <... restart_syscall resumed>) = 0 [pid 5830] getdents64(4, 0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5834] umount2("./272", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(4, [pid 5834] openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5834] newfstatat(3, "", [pid 5830] close(4 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... close resumed>) = 0 [pid 5834] getdents64(3, [pid 5830] rmdir("./272/file1" [pid 5834] <... getdents64 resumed>0x55556b85c730 /* 4 entries */, 32768) = 112 [pid 5830] <... rmdir resumed>) = 0 [ 235.447549][ T8992] exFAT-fs (loop4): error, data size is invalid(9000) [ 235.462972][ T8993] exFAT-fs (loop0): error, data size is invalid(9000) [ 235.474370][ T8992] exFAT-fs (loop4): Filesystem has been set read-only [ 235.479897][ T8993] exFAT-fs (loop0): Filesystem has been set read-only [ 235.529528][ T979] ------------[ cut here ]------------ [ 235.535387][ T979] WARNING: CPU: 1 PID: 979 at kernel/rcu/sync.c:177 rcu_sync_dtor+0xcd/0x180 [ 235.544277][ T979] Modules linked in: [ 235.548317][ T979] CPU: 1 UID: 0 PID: 979 Comm: kworker/1:3 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) [ 235.558676][ T979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 235.568786][ T979] Workqueue: events destroy_super_work [ 235.570166][ T8996] loop2: detected capacity change from 0 to 256 [ 235.574291][ T979] RIP: 0010:rcu_sync_dtor+0xcd/0x180 [ 235.585913][ T979] Code: 18 e8 27 c3 00 00 43 0f b6 44 25 00 84 c0 0f 85 82 00 00 00 83 3b 00 75 1f 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 90 <0f> 0b 90 e9 66 ff ff ff 90 0f 0b 90 eb 8a 90 0f 0b 90 eb db 89 d9 [ 235.605651][ T979] RSP: 0018:ffffc90003877a88 EFLAGS: 00010246 [ 235.611792][ T979] RAX: 0000000000000002 RBX: ffff888028b78350 RCX: 5e7229965b1b4600 [ 235.619829][ T979] RDX: 0000000000000000 RSI: ffffffff8bc11fa0 RDI: ffff888028b78350 [ 235.627831][ T979] RBP: 00000000000001a1 R08: ffffffff8dde132f R09: 1ffffffff1bbc265 [ 235.635881][ T979] R10: dffffc0000000000 R11: fffffbfff1bbc266 R12: dffffc0000000000 [ 235.643973][ T979] R13: 1ffff1100516f06a R14: ffff888028b78350 R15: dffffc0000000000 [ 235.651999][ T979] FS: 0000000000000000(0000) GS:ffff8881261f6000(0000) knlGS:0000000000000000 [ 235.661047][ T979] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 235.667661][ T979] CR2: 00007fff371cadc8 CR3: 0000000072056000 CR4: 00000000003526f0 [ 235.675709][ T979] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 235.683744][ T979] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 235.691770][ T979] Call Trace: [ 235.695067][ T979] [ 235.698042][ T979] percpu_free_rwsem+0x40/0x80 [ 235.702873][ T979] destroy_super_work+0xee/0x130 [ 235.707841][ T979] ? process_scheduled_works+0x9ec/0x17a0 [ 235.713679][ T979] process_scheduled_works+0xade/0x17a0 [ 235.719319][ T979] ? __pfx_process_scheduled_works+0x10/0x10 [ 235.725350][ T979] worker_thread+0x8a0/0xda0 [ 235.727776][ T8996] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d1950c, utbl_chksum : 0xe619d30d) [ 235.730034][ T979] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 235.748346][ T8999] loop1: detected capacity change from 0 to 256 [ 235.754681][ T979] ? __kthread_parkme+0x7b/0x200 [ 235.759678][ T979] kthread+0x711/0x8a0 [ 235.763794][ T979] ? __pfx_worker_thread+0x10/0x10 [ 235.769008][ T979] ? __pfx_kthread+0x10/0x10 [ 235.773631][ T979] ? __pfx_kthread+0x10/0x10 [pid 5834] umount2("./272/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program executing program [pid 5831] <... clone resumed>, child_tidptr=0x55556b85b690) = 8997 ./strace-static-x86_64: Process 8997 attached [pid 8996] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8996] <... openat resumed>) = 4 [pid 8996] ioctl(4, LOOP_SET_FD, 3 [pid 8997] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 8997] chdir("./276" [pid 5833] <... clone resumed>, child_tidptr=0x55556b85b690) = 8998 [pid 8997] <... chdir resumed>) = 0 [pid 8997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8997] setpgid(0, 0) = 0 [pid 8997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8997] write(3, "1000", 4) = 4 [pid 8997] close(3) = 0 [pid 8997] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8997] write(1, "executing program\n", 18) = 18 [pid 8997] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8997] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 8997] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 8997] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8997] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8997] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} => {parent_tid=[8999]}, 88) = 8999 [pid 8997] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8999 attached NULL, 8) = 0 [pid 8997] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8999] rseq(0x7f300ac48fe0, 0x20, 0, 0x53053053 [pid 8997] <... futex resumed>) = 0 [pid 8996] <... ioctl resumed>) = 0 [pid 8999] <... rseq resumed>) = 0 [pid 8997] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8996] close(3 [pid 8999] set_robust_list(0x7f300ac489a0, 24 [pid 8996] <... close resumed>) = 0 [pid 8999] <... set_robust_list resumed>) = 0 [pid 8996] close(4 [pid 8999] rt_sigprocmask(SIG_SETMASK, [], [pid 8996] <... close resumed>) = 0 [pid 8999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8996] mkdir("./file1", 0777 [pid 8999] memfd_create("syzkaller", 0 [pid 8996] <... mkdir resumed>) = 0 [pid 8999] <... memfd_create resumed>) = 3 [pid 8996] mount("/dev/loop2", "./file1", "exfat", 0, "" [pid 8999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3002800000 [pid 8999] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5834] <... umount2 resumed>) = 0 [pid 5830] umount2("./272/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5834] umount2("./272/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./272/binderfs", [pid 5834] newfstatat(AT_FDCWD, "./272/file1", [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./272/binderfs" [pid 5834] umount2("./272/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... unlink resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(3, [pid 5834] openat(AT_FDCWD, "./272/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... getdents64 resumed>0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 5834] <... openat resumed>) = 4 [pid 5830] close(3 [pid 5834] newfstatat(4, "", [pid 5830] <... close resumed>) = 0 [pid 5834] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] rmdir("./272" [pid 5834] getdents64(4, [pid 5830] <... rmdir resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 2 entries */, 32768) = 48 [pid 5830] mkdir("./273", 0777 [pid 5834] getdents64(4, [pid 5830] <... mkdir resumed>) = 0 [pid 5834] <... getdents64 resumed>0x55556b864770 /* 0 entries */, 32768) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5834] close(4 [pid 5830] <... openat resumed>) = 3 [pid 5834] <... close resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5834] rmdir("./272/file1" [pid 5830] <... ioctl resumed>) = 0 [pid 8999] <... write resumed>) = 131072 [pid 5834] <... rmdir resumed>) = 0 [pid 5830] close(3 [pid 5834] umount2("./272/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 5834] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] newfstatat(AT_FDCWD, "./272/binderfs", [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5834] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5834] unlink("./272/binderfs" [pid 5830] <... clone resumed>, child_tidptr=0x55556b85b690) = 9000 [pid 5834] <... unlink resumed>) = 0 [pid 5834] getdents64(3, 0x55556b85c730 /* 0 entries */, 32768) = 0 [pid 8999] munmap(0x7f3002800000, 138412032 [pid 5834] close(3 [pid 8999] <... munmap resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5834] rmdir("./272") = 0 [pid 5834] mkdir("./273", 0777) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 8999] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] <... ioctl resumed>) = 0 [pid 8999] <... openat resumed>) = 4 [pid 5834] close(3 [pid 8999] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8999] close(3) = 0 [pid 5834] <... close resumed>) = 0 [pid 8999] close(4 [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8999] <... close resumed>) = 0 [pid 8999] mkdir("./file1", 0777) = 0 [pid 8999] mount("/dev/loop1", "./file1", "exfat", 0, ""./strace-static-x86_64: Process 9001 attached [pid 5834] <... clone resumed>, child_tidptr=0x55556b85b690) = 9001 [pid 9001] set_robust_list(0x55556b85b6a0, 24) = 0 [pid 9001] chdir("./273") = 0 [pid 9001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9001] setpgid(0, 0) = 0 [pid 9001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9001] write(3, "1000", 4) = 4 [pid 9001] close(3) = 0 [pid 9001] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9001] write(1, "executing program\n", 18) = 18 [pid 9001] futex(0x7f300ad1d6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9001] rt_sigaction(SIGRT_1, {sa_handler=0x7f300acc3490, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f300acb4dd0}, NULL, 8) = 0 [pid 9001] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f300ac28000 [pid 9001] mprotect(0x7f300ac29000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9001] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 8998 attached [], 8) = 0 [pid 9001] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f300ac48990, parent_tid=0x7f300ac48990, exit_signal=0, stack=0x7f300ac28000, stack_size=0x20300, tls=0x7f300ac486c0} [pid 8998] set_robust_list(0x55556b85b6a0, 24 [pid 9001] <... clone3 resumed> => {parent_tid=[9002]}, 88) = 9002 [pid 9001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8998] <... set_robust_list resumed>) = 0 [pid 8998] chdir("./276" [pid 9001] futex(0x7f300ad1d6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9001] futex(0x7f300ad1d6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8998] <... chdir resumed>) = 0 [pid 8998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8998] setpgid(0, 0) = 0 [ 235.778257][ T979] ? _raw_spin_unlock_irq+0x23/0x50 [ 235.783532][ T979] ? lockdep_hardirqs_on+0x9c/0x150 [ 235.788801][ T979] ? __pfx_kthread+0x10/0x10 [ 235.793437][ T979] ret_from_fork+0x4b/0x80 [ 235.797885][ T979] ? __pfx_kthread+0x10/0x10 [ 235.802534][ T979] ret_from_fork_asm+0x1a/0x30 [ 235.807355][ T979] [ 235.810492][ T979] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 235.817792][ T979] CPU: 1 UID: 0 PID: 979 Comm: kworker/1:3 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) [pid 8998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 9000 attached [pid 8996] <... mount resumed>) = 0 [pid 9000] set_robust_list(0x55556b85b6a0, 24 [pid 8998] write(3, "1000", 4 [pid 8996] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 9000] <... set_robust_list resumed>) = 0 [pid 8998] <... write resumed>) = 4 [pid 8996] <... openat resumed>) = 3 [ 235.828052][ T979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 235.838131][ T979] Workqueue: events destroy_super_work [ 235.843634][ T979] Call Trace: [ 235.846937][ T979] [ 235.849893][ T979] dump_stack_lvl+0x99/0x250 [ 235.854516][ T979] ? __asan_memcpy+0x40/0x70 [ 235.859137][ T979] ? __pfx_dump_stack_lvl+0x10/0x10 [ 235.864353][ T979] ? __pfx__printk+0x10/0x10 [ 235.869057][ T979] panic+0x2db/0x790 [ 235.872968][ T979] ? __pfx_panic+0x10/0x10 [ 235.877393][ T979] ? show_trace_log_lvl+0x4fb/0x550 [ 235.882607][ T979] ? ret_from_fork_asm+0x1a/0x30 [ 235.887556][ T979] __warn+0x31b/0x4b0 [ 235.891544][ T979] ? rcu_sync_dtor+0xcd/0x180 [ 235.896233][ T979] ? rcu_sync_dtor+0xcd/0x180 [ 235.900913][ T979] report_bug+0x2be/0x4f0 [ 235.905244][ T979] ? rcu_sync_dtor+0xcd/0x180 [ 235.909923][ T979] ? rcu_sync_dtor+0xcd/0x180 [ 235.914602][ T979] ? rcu_sync_dtor+0xcf/0x180 [ 235.919285][ T979] handle_bug+0x84/0x160 [ 235.923537][ T979] exc_invalid_op+0x1a/0x50 [ 235.928048][ T979] asm_exc_invalid_op+0x1a/0x20 [ 235.932901][ T979] RIP: 0010:rcu_sync_dtor+0xcd/0x180 [ 235.938192][ T979] Code: 18 e8 27 c3 00 00 43 0f b6 44 25 00 84 c0 0f 85 82 00 00 00 83 3b 00 75 1f 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 90 <0f> 0b 90 e9 66 ff ff ff 90 0f 0b 90 eb 8a 90 0f 0b 90 eb db 89 d9 [ 235.957792][ T979] RSP: 0018:ffffc90003877a88 EFLAGS: 00010246 [ 235.963862][ T979] RAX: 0000000000000002 RBX: ffff888028b78350 RCX: 5e7229965b1b4600 [ 235.971834][ T979] RDX: 0000000000000000 RSI: ffffffff8bc11fa0 RDI: ffff888028b78350 [ 235.979807][ T979] RBP: 00000000000001a1 R08: ffffffff8dde132f R09: 1ffffffff1bbc265 [ 235.987772][ T979] R10: dffffc0000000000 R11: fffffbfff1bbc266 R12: dffffc0000000000 [ 235.995742][ T979] R13: 1ffff1100516f06a R14: ffff888028b78350 R15: dffffc0000000000 [ 236.003723][ T979] ? destroy_super_work+0xe2/0x130 [ 236.008847][ T979] percpu_free_rwsem+0x40/0x80 [ 236.013614][ T979] destroy_super_work+0xee/0x130 [ 236.018564][ T979] ? process_scheduled_works+0x9ec/0x17a0 [ 236.024296][ T979] process_scheduled_works+0xade/0x17a0 [ 236.029874][ T979] ? __pfx_process_scheduled_works+0x10/0x10 [ 236.035877][ T979] worker_thread+0x8a0/0xda0 [ 236.040471][ T979] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 236.046808][ T979] ? __kthread_parkme+0x7b/0x200 [ 236.051752][ T979] kthread+0x711/0x8a0 [ 236.055823][ T979] ? __pfx_worker_thread+0x10/0x10 [ 236.060929][ T979] ? __pfx_kthread+0x10/0x10 [ 236.065522][ T979] ? __pfx_kthread+0x10/0x10 [ 236.070115][ T979] ? _raw_spin_unlock_irq+0x23/0x50 [ 236.075317][ T979] ? lockdep_hardirqs_on+0x9c/0x150 [ 236.080534][ T979] ? __pfx_kthread+0x10/0x10 [ 236.085127][ T979] ret_from_fork+0x4b/0x80 [ 236.089548][ T979] ? __pfx_kthread+0x10/0x10 [ 236.094144][ T979] ret_from_fork_asm+0x1a/0x30 [ 236.098934][ T979] [ 236.102258][ T979] Kernel Offset: disabled [ 236.106592][ T979] Rebooting in 86400 seconds..