./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2885988200 <...> Warning: Permanently added '10.128.0.255' (ED25519) to the list of known hosts. execve("./syz-executor2885988200", ["./syz-executor2885988200"], 0x7ffde454c1e0 /* 10 vars */) = 0 brk(NULL) = 0x5555560f0000 brk(0x5555560f0d40) = 0x5555560f0d40 arch_prctl(ARCH_SET_FS, 0x5555560f03c0) = 0 set_tid_address(0x5555560f0690) = 5013 set_robust_list(0x5555560f06a0, 24) = 0 rseq(0x5555560f0ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2885988200", 4096) = 28 getrandom("\x61\x73\xf1\x63\xbd\xf6\x7d\x33", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555560f0d40 brk(0x555556111d40) = 0x555556111d40 brk(0x555556112000) = 0x555556112000 mprotect(0x7f15ac9dc000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.OnxwJY", 0700) = 0 chmod("./syzkaller.OnxwJY", 0777) = 0 chdir("./syzkaller.OnxwJY") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5014 ./strace-static-x86_64: Process 5014 attached [pid 5014] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5014] chdir("./0") = 0 [pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5014] setpgid(0, 0) = 0 [pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5014] write(3, "1000", 4) = 4 [pid 5014] close(3) = 0 [pid 5014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5014] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5014] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5014] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0} => {parent_tid=[5015]}, 88) = 5015 [pid 5014] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5014] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5015 attached [pid 5015] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5015] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5015] memfd_create("syzkaller", 0) = 3 [pid 5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5015] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5015] munmap(0x7f15a44f6000, 131072) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5015] close(3) = 0 [pid 5015] mkdir("./file0", 0777) = 0 [ 64.295861][ T5015] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5015 'syz-executor288' [ 64.316999][ T5015] loop0: detected capacity change from 0 to 256 [pid 5015] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5015] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5015] chdir("./file0") = 0 [pid 5015] ioctl(4, LOOP_CLR_FD) = 0 [pid 5015] close(4) = 0 [pid 5015] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5015] mkdir("./file0", 000 [pid 5014] <... mmap resumed>) = 0x7f15a44f5000 [pid 5014] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0}./strace-static-x86_64: Process 5017 attached => {parent_tid=[5017]}, 88) = 5017 [pid 5014] rt_sigprocmask(SIG_SETMASK, [], [pid 5017] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053 [pid 5014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5017] <... rseq resumed>) = 0 [pid 5014] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5017] set_robust_list(0x7f15a45159a0, 24 [pid 5014] <... futex resumed>) = 0 [pid 5017] <... set_robust_list resumed>) = 0 [pid 5014] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5017] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5017] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5017] futex(0x7f15ac9e26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5014] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5017] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5014] <... futex resumed>) = 0 [pid 5017] getdents64(4, [pid 5014] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] <... mkdir resumed>) = 0 [pid 5017] <... getdents64 resumed>0x20000080 /* 5 entries */, 152) = 144 [pid 5015] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5017] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5015] <... futex resumed>) = 0 [pid 5014] <... futex resumed>) = 0 [pid 5017] futex(0x7f15ac9e26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5015] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5014] exit_group(0 [pid 5017] <... futex resumed>) = ? [pid 5015] <... futex resumed>) = ? [pid 5014] <... exit_group resumed>) = ? [pid 5017] +++ exited with 0 +++ [pid 5015] +++ exited with 0 +++ [pid 5014] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5014, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 64.334446][ T5015] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5018 ./strace-static-x86_64: Process 5018 attached [pid 5018] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5018] chdir("./1") = 0 [pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5018] setpgid(0, 0) = 0 [pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5018] write(3, "1000", 4) = 4 [pid 5018] close(3) = 0 [pid 5018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5018] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5018] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5018] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0} => {parent_tid=[5019]}, 88) = 5019 [pid 5018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5018] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5019 attached [pid 5019] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5019] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5019] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5019] memfd_create("syzkaller", 0) = 3 [pid 5019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5019] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5019] munmap(0x7f15a44f6000, 131072) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5019] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5019] close(3) = 0 [pid 5019] mkdir("./file0", 0777) = 0 [pid 5019] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5019] chdir("./file0") = 0 [pid 5019] ioctl(4, LOOP_CLR_FD) = 0 [pid 5019] close(4) = 0 [pid 5019] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... futex resumed>) = 0 [pid 5019] <... futex resumed>) = 1 [pid 5018] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] mkdir("./file0", 000 [pid 5018] <... futex resumed>) = 0 [pid 5018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5018] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5020]}, 88) = 5020 ./strace-static-x86_64: Process 5020 attached [pid 5020] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053) = 0 [pid 5020] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5020] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5020] futex(0x7f15ac9e26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5018] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] <... futex resumed>) = 0 [pid 5018] <... futex resumed>) = 1 [pid 5020] openat(AT_FDCWD, ".", O_RDONLY [pid 5018] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... openat resumed>) = 4 [pid 5020] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] <... futex resumed>) = 0 [pid 5020] getdents64(4, [pid 5018] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] <... mkdir resumed>) = 0 [pid 5020] <... getdents64 resumed>0x20000080 /* 5 entries */, 152) = 144 [pid 5019] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5020] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... futex resumed>) = 0 [pid 5018] exit_group(0) = ? [pid 5020] <... futex resumed>) = ? [pid 5019] <... futex resumed>) = ? [pid 5019] +++ exited with 0 +++ [pid 5020] +++ exited with 0 +++ [pid 5018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 64.432159][ T5019] loop0: detected capacity change from 0 to 256 [ 64.448730][ T5019] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5021 ./strace-static-x86_64: Process 5021 attached [pid 5021] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5021] chdir("./2") = 0 [pid 5021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5021] setpgid(0, 0) = 0 [pid 5021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5021] write(3, "1000", 4) = 4 [pid 5021] close(3) = 0 [pid 5021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5021] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5021] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5021] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0} => {parent_tid=[5022]}, 88) = 5022 [pid 5021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5021] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5022 attached [pid 5022] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5022] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5022] memfd_create("syzkaller", 0) = 3 [pid 5022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5022] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5022] munmap(0x7f15a44f6000, 131072) = 0 [pid 5022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5022] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5022] close(3) = 0 [pid 5022] mkdir("./file0", 0777) = 0 [pid 5022] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5022] chdir("./file0") = 0 [pid 5022] ioctl(4, LOOP_CLR_FD) = 0 [pid 5022] close(4) = 0 [pid 5022] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] <... futex resumed>) = 0 [pid 5021] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5021] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5023]}, 88) = 5023 [pid 5021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5021] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] <... futex resumed>) = 1 [pid 5022] mkdir("./file0", 000) = 0 [pid 5022] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5023 attached [pid 5023] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053) = 0 [pid 5023] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5023] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5023] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] <... futex resumed>) = 0 [pid 5021] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5021] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] <... futex resumed>) = 0 [pid 5022] getdents64(4, 0x20000080 /* 5 entries */, 152) = 144 [pid 5022] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] <... futex resumed>) = 0 [pid 5021] exit_group(0) = ? [pid 5022] <... futex resumed>) = ? [pid 5022] +++ exited with 0 +++ [pid 5023] <... futex resumed>) = ? [pid 5023] +++ exited with 0 +++ [pid 5021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5021, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5024 [ 64.525800][ T5022] loop0: detected capacity change from 0 to 256 [ 64.545293][ T5022] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 5024 attached [pid 5024] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5024] chdir("./3") = 0 [pid 5024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5024] setpgid(0, 0) = 0 [pid 5024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5024] write(3, "1000", 4) = 4 [pid 5024] close(3) = 0 [pid 5024] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5024] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5024] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5024] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0} => {parent_tid=[5025]}, 88) = 5025 [pid 5024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5024] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5025 attached [pid 5025] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5025] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5025] memfd_create("syzkaller", 0) = 3 [pid 5025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5025] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5025] munmap(0x7f15a44f6000, 131072) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5025] close(3) = 0 [pid 5025] mkdir("./file0", 0777) = 0 [pid 5025] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5025] chdir("./file0") = 0 [pid 5025] ioctl(4, LOOP_CLR_FD) = 0 [pid 5025] close(4) = 0 [pid 5025] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5024] <... futex resumed>) = 0 [pid 5024] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5024] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5024] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5026]}, 88) = 5026 [pid 5024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5024] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5026 attached [pid 5026] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053) = 0 [pid 5026] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5026] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5026] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... futex resumed>) = 0 [pid 5024] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... futex resumed>) = 0 [pid 5025] mkdir("./file0", 000 [pid 5026] <... futex resumed>) = 1 [pid 5026] getdents64(4, [pid 5025] <... mkdir resumed>) = 0 [pid 5026] <... getdents64 resumed>0x20000080 /* 5 entries */, 152) = 144 [pid 5025] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5024] <... futex resumed>) = 0 [pid 5026] futex(0x7f15ac9e26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5024] exit_group(0) = ? [pid 5026] <... futex resumed>) = ? [pid 5025] <... futex resumed>) = ? [pid 5025] +++ exited with 0 +++ [pid 5026] +++ exited with 0 +++ [pid 5024] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5024, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 [ 64.628581][ T5025] loop0: detected capacity change from 0 to 256 [ 64.645283][ T5025] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5027 ./strace-static-x86_64: Process 5027 attached [pid 5027] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5027] chdir("./4") = 0 [pid 5027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5027] setpgid(0, 0) = 0 [pid 5027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5027] write(3, "1000", 4) = 4 [pid 5027] close(3) = 0 [pid 5027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5027] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5027] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5027] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0}./strace-static-x86_64: Process 5028 attached => {parent_tid=[5028]}, 88) = 5028 [pid 5027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5027] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5028] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5028] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5028] memfd_create("syzkaller", 0) = 3 [pid 5028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5028] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5028] munmap(0x7f15a44f6000, 131072) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5028] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5028] close(3) = 0 [pid 5028] mkdir("./file0", 0777) = 0 [pid 5028] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5028] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5028] chdir("./file0") = 0 [pid 5028] ioctl(4, LOOP_CLR_FD) = 0 [pid 5028] close(4) = 0 [pid 5028] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5027] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5028] mkdir("./file0", 000 [pid 5027] <... mmap resumed>) = 0x7f15a44f5000 [pid 5027] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5029]}, 88) = 5029 [pid 5027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5027] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5029 attached [pid 5028] <... mkdir resumed>) = 0 [pid 5027] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053 [pid 5028] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... rseq resumed>) = 0 [pid 5028] <... futex resumed>) = 0 [pid 5029] set_robust_list(0x7f15a45159a0, 24 [pid 5028] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] <... set_robust_list resumed>) = 0 [pid 5029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5029] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5029] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5029] futex(0x7f15ac9e26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5027] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5027] <... futex resumed>) = 1 [pid 5028] getdents64(4, 0x20000080 /* 5 entries */, 152) = 144 [pid 5027] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5028] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5027] exit_group(0 [pid 5029] <... futex resumed>) = ? [pid 5028] <... futex resumed>) = ? [pid 5027] <... exit_group resumed>) = ? [pid 5029] +++ exited with 0 +++ [pid 5028] +++ exited with 0 +++ [pid 5027] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5027, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5030 ./strace-static-x86_64: Process 5030 attached [pid 5030] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5030] chdir("./5") = 0 [pid 5030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5030] setpgid(0, 0) = 0 [pid 5030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5030] write(3, "1000", 4) = 4 [pid 5030] close(3) = 0 [pid 5030] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5030] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5030] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 64.744915][ T5028] loop0: detected capacity change from 0 to 256 [ 64.760288][ T5028] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) [pid 5030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5030] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5030] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0} => {parent_tid=[5031]}, 88) = 5031 [pid 5030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5030] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5031 attached [pid 5031] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5031] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5031] memfd_create("syzkaller", 0) = 3 [pid 5031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5031] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5031] munmap(0x7f15a44f6000, 131072) = 0 [pid 5031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5031] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5031] close(3) = 0 [pid 5031] mkdir("./file0", 0777) = 0 [pid 5031] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5031] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5031] chdir("./file0") = 0 [pid 5031] ioctl(4, LOOP_CLR_FD) = 0 [pid 5031] close(4) = 0 [pid 5031] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5030] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5030] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5032]}, 88) = 5032 [pid 5030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5030] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 1 [pid 5031] mkdir("./file0", 000) = 0 [pid 5031] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5032 attached [pid 5032] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053) = 0 [pid 5032] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5032] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5032] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5030] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 0 [pid 5031] getdents64(4, 0x20000080 /* 5 entries */, 152) = 144 [pid 5031] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5030] <... futex resumed>) = 0 [pid 5030] exit_group(0) = ? [pid 5031] +++ exited with 0 +++ [pid 5032] <... futex resumed>) = ? [pid 5032] +++ exited with 0 +++ [pid 5030] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5030, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5033 ./strace-static-x86_64: Process 5033 attached [pid 5033] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5033] chdir("./6") = 0 [pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5033] setpgid(0, 0) = 0 [ 64.840352][ T5031] loop0: detected capacity change from 0 to 256 [ 64.857007][ T5031] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) [pid 5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5033] write(3, "1000", 4) = 4 [pid 5033] close(3) = 0 [pid 5033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5033] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5033] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0}./strace-static-x86_64: Process 5034 attached [pid 5034] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053 [pid 5033] <... clone3 resumed> => {parent_tid=[5034]}, 88) = 5034 [pid 5034] <... rseq resumed>) = 0 [pid 5033] rt_sigprocmask(SIG_SETMASK, [], [pid 5034] set_robust_list(0x7f15ac9169a0, 24 [pid 5033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5034] <... set_robust_list resumed>) = 0 [pid 5033] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5034] memfd_create("syzkaller", 0) = 3 [pid 5034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5034] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5034] munmap(0x7f15a44f6000, 131072) = 0 [pid 5034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5034] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5034] close(3) = 0 [pid 5034] mkdir("./file0", 0777) = 0 [pid 5034] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5034] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5034] chdir("./file0") = 0 [pid 5034] ioctl(4, LOOP_CLR_FD) = 0 [pid 5034] close(4) = 0 [pid 5034] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5033] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5035]}, 88) = 5035 [pid 5033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5033] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... futex resumed>) = 1 [pid 5034] mkdir("./file0", 000./strace-static-x86_64: Process 5035 attached ) = 0 [pid 5034] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053) = 0 [pid 5035] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5035] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5035] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5035] futex(0x7f15ac9e26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5033] <... futex resumed>) = 1 [pid 5034] getdents64(4, [pid 5033] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... getdents64 resumed>0x20000080 /* 5 entries */, 152) = 144 [pid 5034] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5034] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] exit_group(0 [pid 5035] <... futex resumed>) = ? [pid 5034] <... futex resumed>) = ? [pid 5033] <... exit_group resumed>) = ? [pid 5035] +++ exited with 0 +++ [pid 5034] +++ exited with 0 +++ [pid 5033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5033, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5036 [ 64.944578][ T5034] loop0: detected capacity change from 0 to 256 [ 64.959349][ T5034] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 5036 attached [pid 5036] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5036] chdir("./7") = 0 [pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5036] setpgid(0, 0) = 0 [pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5036] write(3, "1000", 4) = 4 [pid 5036] close(3) = 0 [pid 5036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5036] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5036] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5036] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5036] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0} => {parent_tid=[5037]}, 88) = 5037 [pid 5036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5036] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5037 attached [pid 5037] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5037] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5037] memfd_create("syzkaller", 0) = 3 [pid 5037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5037] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5037] munmap(0x7f15a44f6000, 131072) = 0 [pid 5037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5037] close(3) = 0 [pid 5037] mkdir("./file0", 0777) = 0 [pid 5037] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5037] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5037] chdir("./file0") = 0 [pid 5037] ioctl(4, LOOP_CLR_FD) = 0 [pid 5037] close(4) = 0 [pid 5037] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... futex resumed>) = 0 [pid 5036] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5036] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5036] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5038]}, 88) = 5038 [pid 5036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5036] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5037] <... futex resumed>) = 1 [pid 5037] mkdir("./file0", 000) = 0 [pid 5037] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5038 attached [pid 5038] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053) = 0 [pid 5038] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5038] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5038] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... futex resumed>) = 0 [pid 5036] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = 0 [pid 5036] <... futex resumed>) = 1 [pid 5037] getdents64(4, [pid 5036] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5037] <... getdents64 resumed>0x20000080 /* 5 entries */, 152) = 144 [pid 5038] <... futex resumed>) = 1 [pid 5037] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] futex(0x7f15ac9e26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... futex resumed>) = 1 [pid 5036] <... futex resumed>) = 0 [pid 5037] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] exit_group(0 [pid 5038] <... futex resumed>) = ? [pid 5037] <... futex resumed>) = ? [pid 5036] <... exit_group resumed>) = ? [pid 5038] +++ exited with 0 +++ [pid 5037] +++ exited with 0 +++ [pid 5036] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5036, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5039 ./strace-static-x86_64: Process 5039 attached [ 65.052222][ T5037] loop0: detected capacity change from 0 to 256 [ 65.067921][ T5037] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) [pid 5039] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5039] chdir("./8") = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5039] setpgid(0, 0) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4) = 4 [pid 5039] close(3) = 0 [pid 5039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5039] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5039] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5039] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0}./strace-static-x86_64: Process 5040 attached => {parent_tid=[5040]}, 88) = 5040 [pid 5040] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5040] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5040] rt_sigprocmask(SIG_SETMASK, [], [pid 5039] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5040] memfd_create("syzkaller", 0) = 3 [pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5040] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5040] munmap(0x7f15a44f6000, 131072) = 0 [pid 5040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5040] close(3) = 0 [pid 5040] mkdir("./file0", 0777) = 0 [pid 5040] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5040] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5040] chdir("./file0") = 0 [pid 5040] ioctl(4, LOOP_CLR_FD) = 0 [pid 5040] close(4) = 0 [pid 5040] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5039] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5041]}, 88) = 5041 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5039] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] mkdir("./file0", 000./strace-static-x86_64: Process 5041 attached [pid 5041] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053) = 0 [pid 5041] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5041] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5041] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... mkdir resumed>) = 0 [pid 5041] <... futex resumed>) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] getdents64(4, [pid 5040] <... futex resumed>) = 0 [pid 5040] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] <... getdents64 resumed>0x20000080 /* 5 entries */, 152) = 144 [pid 5041] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5039] exit_group(0) = ? [pid 5040] <... futex resumed>) = ? [pid 5040] +++ exited with 0 +++ [pid 5041] <... futex resumed>) = ? [pid 5041] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 65.158312][ T5040] loop0: detected capacity change from 0 to 256 [ 65.173570][ T5040] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5042 ./strace-static-x86_64: Process 5042 attached [pid 5042] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5042] chdir("./9") = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setpgid(0, 0) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1000", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5042] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5042] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5042] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0}./strace-static-x86_64: Process 5043 attached => {parent_tid=[5043]}, 88) = 5043 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5042] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5043] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5043] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] memfd_create("syzkaller", 0) = 3 [pid 5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5043] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5043] munmap(0x7f15a44f6000, 131072) = 0 [pid 5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5043] close(3) = 0 [pid 5043] mkdir("./file0", 0777) = 0 [pid 5043] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5043] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5043] chdir("./file0") = 0 [pid 5043] ioctl(4, LOOP_CLR_FD) = 0 [pid 5043] close(4) = 0 [pid 5043] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5043] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5042] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5044]}, 88) = 5044 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5042] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... futex resumed>) = 0 [pid 5043] mkdir("./file0", 000./strace-static-x86_64: Process 5044 attached [pid 5044] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053) = 0 [pid 5044] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] <... mkdir resumed>) = 0 [pid 5043] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] openat(AT_FDCWD, ".", O_RDONLY [pid 5043] <... futex resumed>) = 0 [pid 5044] <... openat resumed>) = 4 [pid 5043] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5044] futex(0x7f15ac9e26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = 0 [pid 5042] <... futex resumed>) = 1 [pid 5043] getdents64(4, [pid 5042] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... getdents64 resumed>0x20000080 /* 5 entries */, 152) = 144 [pid 5043] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5042] exit_group(0 [pid 5044] <... futex resumed>) = ? [pid 5042] <... exit_group resumed>) = ? [pid 5044] +++ exited with 0 +++ [pid 5043] +++ exited with 0 +++ [pid 5042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5042, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 65.282079][ T5043] loop0: detected capacity change from 0 to 256 [ 65.296005][ T5043] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) rmdir("./9/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5045 ./strace-static-x86_64: Process 5045 attached [pid 5045] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5045] chdir("./10") = 0 [pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5045] setpgid(0, 0) = 0 [pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5045] write(3, "1000", 4) = 4 [pid 5045] close(3) = 0 [pid 5045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5045] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5045] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5045] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0} => {parent_tid=[5046]}, 88) = 5046 ./strace-static-x86_64: Process 5046 attached [pid 5045] rt_sigprocmask(SIG_SETMASK, [], [pid 5046] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5046] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5046] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5045] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5046] <... futex resumed>) = 0 [pid 5046] memfd_create("syzkaller", 0) = 3 [pid 5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5046] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5046] munmap(0x7f15a44f6000, 131072) = 0 [pid 5046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5046] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5046] close(3) = 0 [pid 5046] mkdir("./file0", 0777) = 0 [pid 5046] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5046] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5046] chdir("./file0") = 0 [pid 5046] ioctl(4, LOOP_CLR_FD) = 0 [pid 5046] close(4) = 0 [pid 5046] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5045] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5047]}, 88) = 5047 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5045] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] <... futex resumed>) = 1 [pid 5046] mkdir("./file0", 000) = 0 [pid 5046] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5047 attached [pid 5047] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053) = 0 [pid 5047] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5047] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5047] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] <... futex resumed>) = 0 [pid 5046] getdents64(4, 0x20000080 /* 5 entries */, 152) = 144 [pid 5046] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5045] exit_group(0) = ? [pid 5046] <... futex resumed>) = ? [pid 5046] +++ exited with 0 +++ [pid 5047] <... futex resumed>) = ? [pid 5047] +++ exited with 0 +++ [pid 5045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 [ 65.399748][ T5046] loop0: detected capacity change from 0 to 256 [ 65.414211][ T5046] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5048 attached , child_tidptr=0x5555560f0690) = 5048 [pid 5048] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5048] chdir("./11") = 0 [pid 5048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5048] setpgid(0, 0) = 0 [pid 5048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5048] write(3, "1000", 4) = 4 [pid 5048] close(3) = 0 [pid 5048] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5048] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5048] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5048] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0}./strace-static-x86_64: Process 5049 attached => {parent_tid=[5049]}, 88) = 5049 [pid 5049] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5049] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5049] rt_sigprocmask(SIG_SETMASK, [], [pid 5048] rt_sigprocmask(SIG_SETMASK, [], [pid 5049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5049] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5048] <... futex resumed>) = 0 [pid 5049] memfd_create("syzkaller", 0) = 3 [pid 5048] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5049] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5049] munmap(0x7f15a44f6000, 131072) = 0 [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5049] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5049] close(3) = 0 [pid 5049] mkdir("./file0", 0777) = 0 [pid 5049] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5049] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5049] chdir("./file0") = 0 [pid 5049] ioctl(4, LOOP_CLR_FD) = 0 [pid 5049] close(4) = 0 [pid 5049] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] <... futex resumed>) = 0 [pid 5048] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5048] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5050]}, 88) = 5050 [pid 5048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5048] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... futex resumed>) = 0 [pid 5049] mkdir("./file0", 000) = 0 [pid 5049] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5050 attached [pid 5050] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053) = 0 [pid 5050] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5050] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5050] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = 0 [pid 5050] <... futex resumed>) = 1 [pid 5048] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5048] <... futex resumed>) = 1 [pid 5049] getdents64(4, [pid 5048] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... getdents64 resumed>0x20000080 /* 5 entries */, 152) = 144 [pid 5049] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] <... futex resumed>) = 0 [pid 5049] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] exit_group(0 [pid 5049] <... futex resumed>) = ? [pid 5048] <... exit_group resumed>) = ? [pid 5049] +++ exited with 0 +++ [pid 5050] +++ exited with 0 +++ [pid 5048] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5048, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5051 [ 65.514518][ T5049] loop0: detected capacity change from 0 to 256 [ 65.529365][ T5049] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 5051 attached [pid 5051] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5051] chdir("./12") = 0 [pid 5051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5051] setpgid(0, 0) = 0 [pid 5051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5051] write(3, "1000", 4) = 4 [pid 5051] close(3) = 0 [pid 5051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5051] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5051] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5051] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0}./strace-static-x86_64: Process 5052 attached => {parent_tid=[5052]}, 88) = 5052 [pid 5051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5051] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5052] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5052] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5052] memfd_create("syzkaller", 0) = 3 [pid 5052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5052] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5052] munmap(0x7f15a44f6000, 131072) = 0 [pid 5052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5052] close(3) = 0 [pid 5052] mkdir("./file0", 0777) = 0 [pid 5052] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5052] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5052] chdir("./file0") = 0 [pid 5052] ioctl(4, LOOP_CLR_FD) = 0 [pid 5052] close(4) = 0 [pid 5052] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... futex resumed>) = 0 [pid 5051] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5051] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5053]}, 88) = 5053 [pid 5051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5051] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... futex resumed>) = 1 [pid 5052] mkdir("./file0", 000) = 0 [pid 5052] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5053 attached [pid 5053] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053) = 0 [pid 5053] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5053] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5053] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... futex resumed>) = 0 [pid 5051] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5051] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... futex resumed>) = 1 [pid 5052] <... futex resumed>) = 0 [pid 5053] futex(0x7f15ac9e26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5052] getdents64(4, 0x20000080 /* 5 entries */, 152) = 144 [pid 5052] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... futex resumed>) = 0 [pid 5051] exit_group(0) = ? [pid 5053] <... futex resumed>) = ? [pid 5053] +++ exited with 0 +++ [pid 5052] <... futex resumed>) = ? [pid 5052] +++ exited with 0 +++ [pid 5051] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5051, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 65.621013][ T5052] loop0: detected capacity change from 0 to 256 [ 65.636725][ T5052] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5054 ./strace-static-x86_64: Process 5054 attached [pid 5054] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5054] chdir("./13") = 0 [pid 5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] setpgid(0, 0) = 0 [pid 5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5054] write(3, "1000", 4) = 4 [pid 5054] close(3) = 0 [pid 5054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5054] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5054] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5054] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5054] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0} => {parent_tid=[5055]}, 88) = 5055 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5054] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5055 attached [pid 5055] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5055] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5055] memfd_create("syzkaller", 0) = 3 [pid 5055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5055] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5055] munmap(0x7f15a44f6000, 131072) = 0 [pid 5055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5055] close(3) = 0 [pid 5055] mkdir("./file0", 0777) = 0 [pid 5055] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5055] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5055] chdir("./file0") = 0 [pid 5055] ioctl(4, LOOP_CLR_FD) = 0 [pid 5055] close(4) = 0 [pid 5055] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] mkdir("./file0", 000 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5054] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5054] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0}./strace-static-x86_64: Process 5056 attached => {parent_tid=[5056]}, 88) = 5056 [pid 5056] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5054] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... rseq resumed>) = 0 [pid 5056] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5056] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5056] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... futex resumed>) = 1 [pid 5056] getdents64(4, 0x20000080 /* 5 entries */, 152) = 144 [pid 5055] <... mkdir resumed>) = 0 [pid 5056] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5056] <... futex resumed>) = 1 [pid 5056] futex(0x7f15ac9e26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] exit_group(0 [pid 5056] <... futex resumed>) = ? [pid 5054] <... exit_group resumed>) = ? [pid 5056] +++ exited with 0 +++ [pid 5055] +++ exited with 0 +++ [pid 5054] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5054, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 [ 65.715424][ T5055] loop0: detected capacity change from 0 to 256 [ 65.732847][ T5055] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5057 ./strace-static-x86_64: Process 5057 attached [pid 5057] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5057] chdir("./14") = 0 [pid 5057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5057] setpgid(0, 0) = 0 [pid 5057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5057] write(3, "1000", 4) = 4 [pid 5057] close(3) = 0 [pid 5057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5057] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5057] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5057] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5057] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0}./strace-static-x86_64: Process 5058 attached [pid 5058] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053 [pid 5057] <... clone3 resumed> => {parent_tid=[5058]}, 88) = 5058 [pid 5058] <... rseq resumed>) = 0 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], [pid 5058] set_robust_list(0x7f15ac9169a0, 24 [pid 5057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5058] <... set_robust_list resumed>) = 0 [pid 5057] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] rt_sigprocmask(SIG_SETMASK, [], [pid 5057] <... futex resumed>) = 0 [pid 5057] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5058] memfd_create("syzkaller", 0) = 3 [pid 5058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5058] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5058] munmap(0x7f15a44f6000, 131072) = 0 [pid 5058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5058] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5058] close(3) = 0 [pid 5058] mkdir("./file0", 0777) = 0 [pid 5058] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5058] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5058] chdir("./file0") = 0 [pid 5058] ioctl(4, LOOP_CLR_FD) = 0 [pid 5058] close(4) = 0 [pid 5058] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... futex resumed>) = 0 [pid 5057] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5057] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5057] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5059]}, 88) = 5059 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5057] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... futex resumed>) = 1 [pid 5058] mkdir("./file0", 000) = 0 [pid 5058] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5059 attached [pid 5059] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053) = 0 [pid 5059] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5059] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5059] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... futex resumed>) = 0 [pid 5057] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... futex resumed>) = 0 [pid 5058] getdents64(4, 0x20000080 /* 5 entries */, 152) = 144 [pid 5058] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... futex resumed>) = 0 [pid 5057] exit_group(0) = ? [pid 5058] <... futex resumed>) = ? [pid 5058] +++ exited with 0 +++ [pid 5059] <... futex resumed>) = ? [pid 5059] +++ exited with 0 +++ [pid 5057] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5057, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5060 ./strace-static-x86_64: Process 5060 attached [pid 5060] set_robust_list(0x5555560f06a0, 24) = 0 [ 65.828109][ T5058] loop0: detected capacity change from 0 to 256 [ 65.842734][ T5058] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) [pid 5060] chdir("./15") = 0 [pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5060] setpgid(0, 0) = 0 [pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5060] write(3, "1000", 4) = 4 [pid 5060] close(3) = 0 [pid 5060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5060] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5060] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5060] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0} => {parent_tid=[5061]}, 88) = 5061 ./strace-static-x86_64: Process 5061 attached [pid 5060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5060] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5061] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5061] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5061] memfd_create("syzkaller", 0) = 3 [pid 5061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5061] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5061] munmap(0x7f15a44f6000, 131072) = 0 [pid 5061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5061] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5061] close(3) = 0 [pid 5061] mkdir("./file0", 0777) = 0 [pid 5061] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5061] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5061] chdir("./file0") = 0 [pid 5061] ioctl(4, LOOP_CLR_FD) = 0 [pid 5061] close(4) = 0 [pid 5061] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5061] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5060] <... futex resumed>) = 1 [pid 5061] mkdir("./file0", 000 [pid 5060] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5060] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5062]}, 88) = 5062 ./strace-static-x86_64: Process 5062 attached [pid 5061] <... mkdir resumed>) = 0 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5061] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5060] <... futex resumed>) = 0 [pid 5062] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053 [pid 5061] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... rseq resumed>) = 0 [pid 5062] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5062] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5062] futex(0x7f15ac9e26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5060] <... futex resumed>) = 1 [pid 5061] getdents64(4, [pid 5060] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... getdents64 resumed>0x20000080 /* 5 entries */, 152) = 144 [pid 5061] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5061] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] exit_group(0 [pid 5062] <... futex resumed>) = ? [pid 5061] <... futex resumed>) = ? [pid 5060] <... exit_group resumed>) = ? [pid 5062] +++ exited with 0 +++ [pid 5061] +++ exited with 0 +++ [pid 5060] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5060, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5063 [ 65.928824][ T5061] loop0: detected capacity change from 0 to 256 [ 65.943473][ T5061] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 5063 attached [pid 5063] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5063] chdir("./16") = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5063] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5063] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0} => {parent_tid=[5064]}, 88) = 5064 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5064 attached [pid 5064] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5064] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5064] memfd_create("syzkaller", 0) = 3 [pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5064] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5064] munmap(0x7f15a44f6000, 131072) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5064] close(3) = 0 [pid 5064] mkdir("./file0", 0777) = 0 [pid 5064] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] chdir("./file0") = 0 [pid 5064] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] close(4) = 0 [pid 5064] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5063] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5065]}, 88) = 5065 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... futex resumed>) = 1 [pid 5064] mkdir("./file0", 000./strace-static-x86_64: Process 5065 attached [pid 5065] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053) = 0 [pid 5065] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5065] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5065] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... futex resumed>) = 1 [pid 5065] getdents64(4, [pid 5064] <... mkdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x20000080 /* 5 entries */, 152) = 144 [pid 5065] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5065] <... futex resumed>) = 1 [pid 5065] futex(0x7f15ac9e26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] exit_group(0) = ? [pid 5065] <... futex resumed>) = ? [pid 5065] +++ exited with 0 +++ [pid 5064] <... futex resumed>) = ? [pid 5064] +++ exited with 0 +++ [pid 5063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5066 ./strace-static-x86_64: Process 5066 attached [pid 5066] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5066] chdir("./17") = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 66.032440][ T5064] loop0: detected capacity change from 0 to 256 [ 66.047958][ T5064] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5066] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5066] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0} => {parent_tid=[5067]}, 88) = 5067 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5067 attached [pid 5067] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5067] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5067] memfd_create("syzkaller", 0) = 3 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5067] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5067] munmap(0x7f15a44f6000, 131072) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5067] close(3) = 0 [pid 5067] mkdir("./file0", 0777) = 0 [pid 5067] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5067] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] chdir("./file0") = 0 [pid 5067] ioctl(4, LOOP_CLR_FD) = 0 [pid 5067] close(4) = 0 [pid 5067] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5067] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5067] mkdir("./file0", 000 [pid 5066] <... mmap resumed>) = 0x7f15a44f5000 [pid 5066] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5068]}, 88) = 5068 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5068 attached [pid 5068] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053) = 0 [pid 5068] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5068] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5068] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... futex resumed>) = 1 [pid 5068] getdents64(4, [pid 5067] <... mkdir resumed>) = 0 [pid 5068] <... getdents64 resumed>0x20000080 /* 5 entries */, 152) = 144 [pid 5068] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5068] futex(0x7f15ac9e26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7f15ac9e26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] exit_group(0 [pid 5068] <... futex resumed>) = ? [pid 5067] <... futex resumed>) = ? [pid 5066] <... exit_group resumed>) = ? [pid 5068] +++ exited with 0 +++ [pid 5067] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f1730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f0690) = 5069 ./strace-static-x86_64: Process 5069 attached [ 66.127026][ T5067] loop0: detected capacity change from 0 to 256 [ 66.141626][ T5067] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) [pid 5069] set_robust_list(0x5555560f06a0, 24) = 0 [pid 5069] chdir("./18") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] rt_sigaction(SIGRT_1, {sa_handler=0x7f15ac97fe70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f15ac971020}, NULL, 8) = 0 [pid 5069] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15ac8f6000 [pid 5069] mprotect(0x7f15ac8f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15ac916990, parent_tid=0x7f15ac916990, exit_signal=0, stack=0x7f15ac8f6000, stack_size=0x20300, tls=0x7f15ac9166c0} => {parent_tid=[5070]}, 88) = 5070 ./strace-static-x86_64: Process 5070 attached [pid 5069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5069] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f15ac9e26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5070] rseq(0x7f15ac916fe0, 0x20, 0, 0x53053053) = 0 [pid 5070] set_robust_list(0x7f15ac9169a0, 24) = 0 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5070] memfd_create("syzkaller", 0) = 3 [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15a44f6000 [pid 5070] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5070] munmap(0x7f15a44f6000, 131072) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5070] close(3) = 0 [pid 5070] mkdir("./file0", 0777) = 0 [pid 5070] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_POSIXACL|MS_BORN, "") = 0 [pid 5070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5070] chdir("./file0") = 0 [pid 5070] ioctl(4, LOOP_CLR_FD) = 0 [pid 5070] close(4) = 0 [pid 5070] futex(0x7f15ac9e26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f15ac9e26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f15a44f5000 [pid 5069] mprotect(0x7f15a44f6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5070] mkdir("./file0", 000 [pid 5069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f15a4515990, parent_tid=0x7f15a4515990, exit_signal=0, stack=0x7f15a44f5000, stack_size=0x20300, tls=0x7f15a45156c0} => {parent_tid=[5071]}, 88) = 5071 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5069] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5071 attached [pid 5071] rseq(0x7f15a4515fe0, 0x20, 0, 0x53053053) = 0 [pid 5071] set_robust_list(0x7f15a45159a0, 24) = 0 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5071] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5071] futex(0x7f15ac9e26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f15ac9e26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f15ac9e26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = 1 [ 66.242223][ T5070] loop0: detected capacity change from 0 to 256 [ 66.259159][ T5070] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f9d414f, utbl_chksum : 0xe619d30d) [pid 5071] getdents64(4, [pid 5069] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5069] exit_group(0) = ? [pid 5013] kill(-5069, SIGKILL) = 0 [pid 5013] kill(5069, SIGKILL) = 0 [pid 5013] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5013] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5013] getdents64(3, 0x5555560f1730 /* 2 entries */, 32768) = 48 [pid 5013] getdents64(3, 0x5555560f1730 /* 0 entries */, 32768) = 0 [pid 5013] close(3) = 0 [ 81.648435][ T1133] cfg80211: failed to load regulatory.db [ 286.446422][ T28] INFO: task syz-executor288:5070 blocked for more than 143 seconds. [ 286.454634][ T28] Not tainted 6.5.0-rc3-syzkaller-00016-g20ea1e7d13c1 #0 [ 286.463634][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.472926][ T28] task:syz-executor288 state:D stack:25896 pid:5070 ppid:5013 flags:0x00004006 [ 286.482469][ T28] Call Trace: [ 286.485774][ T28] [ 286.489133][ T28] __schedule+0x1873/0x48f0 [ 286.493910][ T28] ? release_firmware_map_entry+0x190/0x190 [ 286.500189][ T28] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 286.506260][ T28] ? print_irqtrace_events+0x220/0x220 [ 286.512603][ T28] ? _raw_spin_lock_irq+0xdf/0x120 [ 286.518109][ T28] schedule+0xc3/0x180 [ 286.522212][ T28] schedule_preempt_disabled+0x13/0x20 [ 286.528088][ T28] rwsem_down_write_slowpath+0xedd/0x13a0 [ 286.533874][ T28] ? rwsem_down_read_slowpath+0x950/0x950 [ 286.540026][ T28] ? read_lock_is_recursive+0x20/0x20 [ 286.545453][ T28] __down_write_common+0x1aa/0x200 [ 286.551487][ T28] ? clear_nonspinnable+0x60/0x60 [ 286.556797][ T28] filename_create+0x260/0x530 [ 286.561737][ T28] ? kern_path_create+0x180/0x180 [ 286.567595][ T28] do_mkdirat+0xb7/0x520 [ 286.571908][ T28] ? vfs_mkdir+0x450/0x450 [ 286.576849][ T28] ? getname_flags+0x1f0/0x4e0 [ 286.581660][ T28] __x64_sys_mkdir+0x6e/0x80 [ 286.586726][ T28] do_syscall_64+0x41/0xc0 [ 286.591216][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.597614][ T28] RIP: 0033:0x7f15ac959a59 [ 286.602084][ T28] RSP: 002b:00007f15ac916218 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 286.610877][ T28] RAX: ffffffffffffffda RBX: 00007f15ac9e26c8 RCX: 00007f15ac959a59 [ 286.619180][ T28] RDX: 00007f15ac959a59 RSI: 0000000000000000 RDI: 0000000020000000 [ 286.627428][ T28] RBP: 00007f15ac9e26c0 R08: 0000000000000000 R09: 0000000000000000 [ 286.635428][ T28] R10: 00000000000014d8 R11: 0000000000000246 R12: 00007f15ac9e26cc [ 286.643851][ T28] R13: 00007f15ac9ae0c0 R14: 0000000020004ac0 R15: 0030656c69662f2e [ 286.652247][ T28] [ 286.655363][ T28] [ 286.655363][ T28] Showing all locks held in the system: [ 286.663640][ T28] 1 lock held by rcu_tasks_kthre/13: [ 286.669288][ T28] #0: ffffffff8d328db0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 [ 286.680236][ T28] 1 lock held by rcu_tasks_trace/14: [ 286.685552][ T28] #0: ffffffff8d329170 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 [ 286.697156][ T28] 1 lock held by khungtaskd/28: [ 286.702031][ T28] #0: ffffffff8d328be0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 286.711964][ T28] 2 locks held by getty/4765: [ 286.716914][ T28] #0: ffff88802d201098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 286.727096][ T28] #1: ffffc900015b02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b1/0x1dc0 [ 286.737554][ T28] 2 locks held by syz-executor288/5070: [ 286.743126][ T28] #0: ffff888023536410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 286.752798][ T28] #1: ffff888078aec3b0 (&sb->s_type->i_mutex_key#14/1){+.+.}-{3:3}, at: filename_create+0x260/0x530 [ 286.764165][ T28] 3 locks held by syz-executor288/5071: [ 286.770011][ T28] [ 286.772403][ T28] ============================================= [ 286.772403][ T28] [ 286.781240][ T28] NMI backtrace for cpu 1 [ 286.785590][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc3-syzkaller-00016-g20ea1e7d13c1 #0 [ 286.795414][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 286.805489][ T28] Call Trace: [ 286.808794][ T28] [ 286.811748][ T28] dump_stack_lvl+0x1e7/0x2d0 [ 286.816463][ T28] ? nf_tcp_handle_invalid+0x650/0x650 [ 286.821952][ T28] ? panic+0x770/0x770 [ 286.826053][ T28] ? __irq_work_queue_local+0x137/0x3e0 [ 286.831671][ T28] nmi_cpu_backtrace+0x498/0x4d0 [ 286.836736][ T28] ? vprintk_emit+0x10d/0x1f0 [ 286.841454][ T28] ? nmi_trigger_cpumask_backtrace+0x300/0x300 [ 286.847638][ T28] ? _printk+0xd5/0x120 [ 286.851831][ T28] ? panic+0x770/0x770 [ 286.855930][ T28] ? __wake_up_klogd+0xcc/0x100 [ 286.860820][ T28] ? panic+0x770/0x770 [ 286.864918][ T28] ? __rcu_read_unlock+0x96/0x100 [ 286.869971][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 286.876113][ T28] nmi_trigger_cpumask_backtrace+0x187/0x300 [ 286.882131][ T28] watchdog+0xec2/0xf00 [ 286.886342][ T28] kthread+0x2b8/0x350 [ 286.890445][ T28] ? hungtask_pm_notify+0x90/0x90 [ 286.895491][ T28] ? kthread_blkcg+0xd0/0xd0 [ 286.900140][ T28] ret_from_fork+0x2e/0x60 [ 286.904587][ T28] ? kthread_blkcg+0xd0/0xd0 [ 286.909239][ T28] ret_from_fork_asm+0x11/0x20 [ 286.914057][ T28] RIP: 0000:0x0 [ 286.917581][ T28] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 286.924989][ T28] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000 [ 286.933445][ T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 286.941439][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 286.949436][ T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 286.957430][ T28] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 286.965418][ T28] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 286.973425][ T28] [ 286.976581][ T28] Sending NMI from CPU 1 to CPUs 0: [ 286.981814][ C0] NMI backtrace for cpu 0 [ 286.981825][ C0] CPU: 0 PID: 5071 Comm: syz-executor288 Not tainted 6.5.0-rc3-syzkaller-00016-g20ea1e7d13c1 #0 [ 286.981843][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 286.981853][ C0] RIP: 0010:__sanitizer_cov_trace_cmp8+0x7c/0x80 [ 286.981886][ C0] Code: c1 e1 05 48 8d 41 28 4c 39 c8 77 1e 49 ff c2 4c 89 12 48 c7 44 11 08 06 00 00 00 48 89 7c 11 10 48 89 74 11 18 4c 89 44 11 20 0f 1f 00 f3 0f 1e fa 4c 8b 04 24 65 48 8b 15 10 9d 77 7e 65 8b [ 286.981900][ C0] RSP: 0018:ffffc900039cf4d8 EFLAGS: 00000093 [ 286.981916][ C0] RAX: 0000000000000000 RBX: 0000000000000080 RCX: ffff888021070000 [ 286.981927][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000080 [ 286.981937][ C0] RBP: ffffc900039cf638 R08: ffffffff8204a198 R09: 1ffffffff1d30b75 [ 286.981949][ C0] R10: dffffc0000000000 R11: fffffbfff1d30b76 R12: ffff8880752393a0 [ 286.981962][ C0] R13: 0000000000000080 R14: ffffffffffffffff R15: 0000000000037e00 [ 286.981973][ C0] FS: 00007f15a45156c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 286.981988][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.981999][ C0] CR2: 00007f9f0604e6c0 CR3: 000000001767f000 CR4: 00000000003506f0 [ 286.982014][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 286.982024][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 286.982034][ C0] Call Trace: [ 286.982046][ C0] [ 286.982052][ C0] ? nmi_cpu_backtrace+0x3be/0x4d0 [ 286.982073][ C0] ? read_lock_is_recursive+0x20/0x20 [ 286.982098][ C0] ? nmi_trigger_cpumask_backtrace+0x300/0x300 [ 286.982117][ C0] ? unknown_nmi_error+0xc0/0xc0 [ 286.982149][ C0] ? nmi_cpu_backtrace_handler+0xc/0x10 [ 286.982174][ C0] ? nmi_handle+0xf7/0x370 [ 286.982198][ C0] ? __sanitizer_cov_trace_cmp8+0x7c/0x80 [ 286.982224][ C0] ? default_do_nmi+0x62/0x150 [ 286.982290][ C0] ? exc_nmi+0x11e/0x1f0 [ 286.982308][ C0] ? end_repeat_nmi+0x16/0x31 [ 286.982327][ C0] ? __find_get_block+0x1f8/0x10e0 [ 286.982359][ C0] ? __sanitizer_cov_trace_cmp8+0x7c/0x80 [ 286.982387][ C0] ? __sanitizer_cov_trace_cmp8+0x7c/0x80 [ 286.982415][ C0] ? __sanitizer_cov_trace_cmp8+0x7c/0x80 [ 286.982443][ C0] [ 286.982448][ C0] [ 286.982453][ C0] __find_get_block+0x1f8/0x10e0 [ 286.982473][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 286.982501][ C0] ? write_boundary_block+0xb0/0xb0 [ 286.982519][ C0] ? __getblk_gfp+0x52/0x630 [ 286.982537][ C0] ? exfat_put_dentry_set+0x2b0/0x2b0 [ 286.982596][ C0] ? __bread_gfp+0x73/0x380 [ 286.982614][ C0] __getblk_gfp+0x2f/0x630 [ 286.982631][ C0] ? folio_mark_accessed+0x59b/0xf00 [ 286.982661][ C0] ? __bread_gfp+0x47/0x380 [ 286.982681][ C0] __bread_gfp+0x2e/0x380 [ 286.982699][ C0] exfat_ent_get+0x14d/0x400 [ 286.982720][ C0] exfat_iterate+0x139b/0x3380 [ 286.982761][ C0] ? exfat_check_dir_empty+0x500/0x500 [ 286.982782][ C0] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 286.982839][ C0] ? read_lock_is_recursive+0x20/0x20 [ 286.982864][ C0] ? __down_write_common+0x161/0x200 [ 286.982884][ C0] ? __fdget_pos+0x20f/0x2a0 [ 286.982917][ C0] ? iterate_dir+0x13e/0x5a0 [ 286.982942][ C0] iterate_dir+0x231/0x5a0 [ 286.982970][ C0] __se_sys_getdents64+0x20d/0x4f0 [ 286.982994][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 286.983021][ C0] ? __x64_sys_getdents64+0x80/0x80 [ 286.983051][ C0] ? filldir+0x6a0/0x6a0 [ 286.983077][ C0] ? syscall_enter_from_user_mode+0x32/0x230 [ 286.983101][ C0] ? syscall_enter_from_user_mode+0x8c/0x230 [ 286.983125][ C0] do_syscall_64+0x41/0xc0 [ 286.983142][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.983167][ C0] RIP: 0033:0x7f15ac959a59 [ 286.983182][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 286.983195][ C0] RSP: 002b:00007f15a4515218 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 286.983212][ C0] RAX: ffffffffffffffda RBX: 00007f15ac9e26d8 RCX: 00007f15ac959a59 [ 286.983224][ C0] RDX: 0000000000000098 RSI: 0000000020000080 RDI: 0000000000000004 [ 286.983234][ C0] RBP: 00007f15ac9e26d0 R08: 0000000000000000 R09: 0000000000000000 [ 286.983244][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f15ac9e26dc [ 286.983254][ C0] R13: 00007f15ac9ae0c0 R14: 0000000020004ac0 R15: 0030656c69662f2e [ 286.983275][ C0] [ 286.983282][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.467 msecs [ 287.430583][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 287.437574][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc3-syzkaller-00016-g20ea1e7d13c1 #0 [ 287.447416][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 287.457509][ T28] Call Trace: [ 287.460912][ T28] [ 287.463871][ T28] dump_stack_lvl+0x1e7/0x2d0 [ 287.468587][ T28] ? nf_tcp_handle_invalid+0x650/0x650 [ 287.474095][ T28] ? panic+0x770/0x770 [ 287.478203][ T28] ? vscnprintf+0x5d/0x80 [ 287.482566][ T28] panic+0x30f/0x770 [ 287.486515][ T28] ? nmi_trigger_cpumask_backtrace+0x233/0x300 [ 287.492698][ T28] ? __memcpy_flushcache+0x2b0/0x2b0 [ 287.498019][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 287.504126][ T28] ? nmi_trigger_cpumask_backtrace+0x233/0x300 [ 287.510307][ T28] ? nmi_trigger_cpumask_backtrace+0x2b4/0x300 [ 287.516496][ T28] ? nmi_trigger_cpumask_backtrace+0x2b9/0x300 [ 287.522680][ T28] watchdog+0xf00/0xf00 [ 287.526874][ T28] kthread+0x2b8/0x350 [ 287.530971][ T28] ? hungtask_pm_notify+0x90/0x90 [ 287.536015][ T28] ? kthread_blkcg+0xd0/0xd0 [ 287.540637][ T28] ret_from_fork+0x2e/0x60 [ 287.545081][ T28] ? kthread_blkcg+0xd0/0xd0 [ 287.549695][ T28] ret_from_fork_asm+0x11/0x20 [ 287.554510][ T28] RIP: 0000:0x0 [ 287.557999][ T28] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 287.565376][ T28] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000 [ 287.573814][ T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 287.581810][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 287.589801][ T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 287.597795][ T28] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 287.605784][ T28] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 287.613798][ T28] [ 287.617120][ T28] Kernel Offset: disabled [ 287.621454][ T28] Rebooting in 86400 seconds..