./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1641782936 <...> Warning: Permanently added '10.128.1.72' (ECDSA) to the list of known hosts. execve("./syz-executor1641782936", ["./syz-executor1641782936"], 0x7ffedf7e2ad0 /* 10 vars */) = 0 brk(NULL) = 0x55555702f000 brk(0x55555702fc40) = 0x55555702fc40 arch_prctl(ARCH_SET_FS, 0x55555702f300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555702f5d0) = 5068 set_robust_list(0x55555702f5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fa318274690, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fa318274d60}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fa318274730, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa318274d60}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1641782936", 4096) = 28 brk(0x555557050c40) = 0x555557050c40 brk(0x555557051000) = 0x555557051000 mprotect(0x7fa318337000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5068 mkdir("./syzkaller.Ibydap", 0700) = 0 chmod("./syzkaller.Ibydap", 0777) = 0 chdir("./syzkaller.Ibydap") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5069 ./strace-static-x86_64: Process 5069 attached [pid 5069] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5069] chdir("./0") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5069] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5071], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5071 [pid 5069] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5071] memfd_create("syzkaller", 0) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5071] munmap(0x7fa30fe43000, 524288) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5071] close(3) = 0 [pid 5071] mkdir("./file0", 0777) = 0 [ 52.339744][ T5071] loop0: detected capacity change from 0 to 1024 [ 52.349362][ T5071] ======================================================= [ 52.349362][ T5071] WARNING: The mand mount option has been deprecated and [ 52.349362][ T5071] and is ignored by this kernel. Remove the mand [ 52.349362][ T5071] option from the mount to silence this warning. [ 52.349362][ T5071] ======================================================= [pid 5071] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5071] chdir("./file0") = 0 [pid 5071] ioctl(4, LOOP_CLR_FD) = 0 [pid 5071] close(4) = 0 [pid 5071] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = 1 [ 52.387491][ T5071] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 52.398214][ T5071] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 52.411356][ T5071] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5071] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5071] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = 0 [pid 5071] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5071] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5071] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = 1 [pid 5071] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5071] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5069] <... futex resumed>) = 0 [ 52.430216][ T27] audit: type=1800 audit(1672320152.205:2): pid=5071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 52.454373][ T27] audit: type=1800 audit(1672320152.235:3): pid=5071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5069] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5071] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = 1 [pid 5071] ftruncate(4, 31) = 0 [pid 5071] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5071] <... futex resumed>) = 1 [pid 5069] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... open resumed>) = 7 [pid 5071] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = 1 [pid 5071] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5071] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] exit_group(0 [pid 5071] <... futex resumed>) = 1 [pid 5069] <... exit_group resumed>) = ? [pid 5071] +++ exited with 0 +++ [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 52.536338][ T27] audit: type=1800 audit(1672320152.315:4): pid=5071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5072 ./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5072] chdir("./1") = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5072] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5072] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5073], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5073 [pid 5072] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5073] munmap(0x7fa30fe43000, 524288) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./file0", 0777) = 0 [pid 5073] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./file0") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 52.616672][ T5073] loop0: detected capacity change from 0 to 1024 [ 52.627666][ T5073] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 52.637939][ T5073] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 52.650199][ T5073] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5073] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5073] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5072] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... open resumed>) = 5 [pid 5073] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] openat(-1, "/proc/self/exe", O_RDONLY [pid 5072] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... openat resumed>) = 6 [pid 5072] <... futex resumed>) = 0 [pid 5073] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 0 [pid 5072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] <... futex resumed>) = 0 [pid 5073] sendfile(5, 6, NULL, 140737974943952 [pid 5072] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... sendfile resumed>) = 65536 [pid 5073] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5073] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5073] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5073] <... futex resumed>) = 1 [pid 5072] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] ftruncate(4, 31) = 0 [pid 5073] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [ 52.671398][ T27] audit: type=1800 audit(1672320152.445:5): pid=5073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 52.692930][ T27] audit: type=1800 audit(1672320152.445:6): pid=5073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5073] <... futex resumed>) = 1 [pid 5072] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5073] <... futex resumed>) = 1 [pid 5072] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... pwritev2 resumed>) = 20480 [pid 5073] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... futex resumed>) = 0 [pid 5072] exit_group(0) = ? [pid 5073] <... futex resumed>) = ? [pid 5073] +++ exited with 0 +++ [pid 5072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5074 ./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5074] chdir("./2") = 0 [ 52.757157][ T27] audit: type=1800 audit(1672320152.535:7): pid=5073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5074] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5075 attached , parent_tid=[5075], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5075 [pid 5075] set_robust_list(0x7fa3182639e0, 24 [pid 5074] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... set_robust_list resumed>) = 0 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5075] munmap(0x7fa30fe43000, 524288) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file0", 0777) = 0 [pid 5075] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file0") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 52.840164][ T5075] loop0: detected capacity change from 0 to 1024 [ 52.850185][ T5075] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 52.861055][ T5075] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 52.873007][ T5075] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5075] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 0 [pid 5075] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5075] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 1 [pid 5075] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5075] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 1 [pid 5075] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5075] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 1 [pid 5075] sendfile(5, 6, NULL, 140737974943952 [pid 5074] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5074] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5075] <... sendfile resumed>) = 65536 [pid 5075] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5074] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5075] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] ftruncate(4, 31) = 0 [ 52.890651][ T27] audit: type=1800 audit(1672320152.665:8): pid=5075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 52.915073][ T27] audit: type=1800 audit(1672320152.665:9): pid=5075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5075] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5075] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5075] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5074] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... pwritev2 resumed>) = 20480 [pid 5075] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5074] exit_group(0) = ? [pid 5075] +++ exited with 0 +++ [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 52.972816][ T27] audit: type=1800 audit(1672320152.755:10): pid=5075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5076 ./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5076] chdir("./3") = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5076] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5076] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x7fa3182639e0, 24 [pid 5076] <... clone resumed>, parent_tid=[5077], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5077 [pid 5077] <... set_robust_list resumed>) = 0 [pid 5077] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] memfd_create("syzkaller", 0 [pid 5076] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5077] <... memfd_create resumed>) = 3 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5077] munmap(0x7fa30fe43000, 524288) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5077] close(3) = 0 [pid 5077] mkdir("./file0", 0777) = 0 [pid 5077] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5077] chdir("./file0") = 0 [pid 5077] ioctl(4, LOOP_CLR_FD) = 0 [pid 5077] close(4) = 0 [pid 5077] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5076] <... futex resumed>) = 1 [ 53.074407][ T5077] loop0: detected capacity change from 0 to 1024 [ 53.083696][ T5077] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 53.093919][ T5077] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 53.106692][ T5077] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5077] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5076] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5077] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5076] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... open resumed>) = 5 [pid 5077] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5077] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] <... futex resumed>) = 0 [pid 5077] openat(-1, "/proc/self/exe", O_RDONLY [pid 5076] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... openat resumed>) = 6 [pid 5077] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5077] sendfile(5, 6, NULL, 140737974943952 [pid 5076] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... sendfile resumed>) = 65536 [pid 5077] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [ 53.124571][ T27] audit: type=1800 audit(1672320152.905:11): pid=5077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5076] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5077] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] ftruncate(4, 31) = 0 [pid 5077] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5077] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5077] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5076] exit_group(0) = ? [pid 5077] +++ exited with 0 +++ [pid 5076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5078 ./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5078] chdir("./4") = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5078] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5078] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5079 attached , parent_tid=[5079], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5079 [pid 5078] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5079] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5079] munmap(0x7fa30fe43000, 524288) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./file0", 0777) = 0 [pid 5079] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file0") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 0 [pid 5079] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5079] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5079] <... futex resumed>) = 1 [pid 5078] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5078] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... open resumed>) = 5 [pid 5079] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] openat(-1, "/proc/self/exe", O_RDONLY [pid 5078] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... openat resumed>) = 6 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] sendfile(5, 6, NULL, 140737974943952 [pid 5078] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 53.279570][ T5079] loop0: detected capacity change from 0 to 1024 [ 53.290250][ T5079] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 53.300588][ T5079] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 53.313426][ T5079] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5078] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... sendfile resumed>) = 65536 [pid 5079] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5078] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5079] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5079] <... futex resumed>) = 1 [pid 5079] ftruncate(4, 31 [pid 5078] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] <... ftruncate resumed>) = 0 [pid 5078] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5079] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5079] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] exit_group(0) = ? [pid 5079] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5080 ./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5080] chdir("./5") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5080] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5081], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5081 [pid 5080] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5081] memfd_create("syzkaller", 0) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5081] munmap(0x7fa30fe43000, 524288) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] mkdir("./file0", 0777) = 0 [pid 5081] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] chdir("./file0") = 0 [pid 5081] ioctl(4, LOOP_CLR_FD) = 0 [pid 5081] close(4) = 0 [pid 5081] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [pid 5081] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5081] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [pid 5081] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5081] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [pid 5081] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5081] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [ 53.481276][ T5081] loop0: detected capacity change from 0 to 1024 [ 53.491074][ T5081] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 53.501448][ T5081] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 53.513451][ T5081] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5081] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5081] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [pid 5081] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5081] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [pid 5081] ftruncate(4, 31) = 0 [pid 5081] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [pid 5081] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5081] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [pid 5081] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5081] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] exit_group(0) = ? [pid 5081] <... futex resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached , child_tidptr=0x55555702f5d0) = 5082 [pid 5082] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5082] chdir("./6") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5082] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5083 attached , parent_tid=[5083], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5083 [pid 5083] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5083] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 1 [pid 5083] memfd_create("syzkaller", 0 [pid 5082] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] <... memfd_create resumed>) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5083] munmap(0x7fa30fe43000, 524288) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5083] close(3) = 0 [pid 5083] mkdir("./file0", 0777) = 0 [pid 5083] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5083] chdir("./file0") = 0 [pid 5083] ioctl(4, LOOP_CLR_FD) = 0 [pid 5083] close(4) = 0 [pid 5083] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 0 [pid 5083] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5083] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [pid 5083] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5083] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [pid 5083] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5083] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [ 53.667023][ T5083] loop0: detected capacity change from 0 to 1024 [ 53.676762][ T5083] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 53.687406][ T5083] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 53.699732][ T5083] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5083] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5083] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5083] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5082] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5083] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5083] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... futex resumed>) = 0 [pid 5083] ftruncate(4, 31 [pid 5082] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... ftruncate resumed>) = 0 [pid 5083] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5083] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... futex resumed>) = 0 [pid 5083] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5082] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... open resumed>) = 7 [pid 5083] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5083] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5082] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... pwritev2 resumed>) = 20480 [pid 5083] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... futex resumed>) = 0 [pid 5082] exit_group(0 [pid 5083] <... futex resumed>) = ? [pid 5082] <... exit_group resumed>) = ? [pid 5083] +++ exited with 0 +++ [pid 5082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5084 ./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5084] chdir("./7") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5084] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5085], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5085 [pid 5084] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5085] munmap(0x7fa30fe43000, 524288) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./file0", 0777) = 0 [pid 5085] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./file0") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 0 [pid 5085] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5085] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5085] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5085] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5085] sendfile(5, 6, NULL, 140737974943952 [ 53.865610][ T5085] loop0: detected capacity change from 0 to 1024 [ 53.876963][ T5085] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 53.887306][ T5085] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 53.899613][ T5085] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5084] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... sendfile resumed>) = 65536 [pid 5085] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5084] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5085] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] ftruncate(4, 31) = 0 [pid 5085] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5085] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5085] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] exit_group(0) = ? [pid 5085] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5086 ./strace-static-x86_64: Process 5086 attached [pid 5086] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5086] chdir("./8") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5086] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5087 attached , parent_tid=[5087], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5087 [pid 5087] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5087] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5086] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5087] memfd_create("syzkaller", 0) = 3 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5087] munmap(0x7fa30fe43000, 524288) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5087] close(3) = 0 [pid 5087] mkdir("./file0", 0777) = 0 [pid 5087] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5087] chdir("./file0") = 0 [pid 5087] ioctl(4, LOOP_CLR_FD) = 0 [pid 5087] close(4) = 0 [pid 5087] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... futex resumed>) = 1 [pid 5087] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5087] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... futex resumed>) = 1 [pid 5087] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5087] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] openat(-1, "/proc/self/exe", O_RDONLY [pid 5086] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... openat resumed>) = 6 [pid 5087] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] sendfile(5, 6, NULL, 140737974943952 [pid 5086] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 54.057280][ T5087] loop0: detected capacity change from 0 to 1024 [ 54.066275][ T5087] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 54.076588][ T5087] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 54.087971][ T5087] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5086] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... sendfile resumed>) = 65536 [pid 5087] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... futex resumed>) = 0 [pid 5087] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5087] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] ftruncate(4, 31 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... ftruncate resumed>) = 0 [pid 5087] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5086] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... open resumed>) = 7 [pid 5087] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... futex resumed>) = 0 [pid 5087] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5086] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... pwritev2 resumed>) = 20480 [pid 5087] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5086] exit_group(0) = ? [pid 5087] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5088 ./strace-static-x86_64: Process 5088 attached [pid 5088] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5088] chdir("./9") = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5088] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5088] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5088] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5089 attached , parent_tid=[5089], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5089 [pid 5088] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] set_robust_list(0x7fa3182639e0, 24 [pid 5088] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5089] <... set_robust_list resumed>) = 0 [pid 5089] memfd_create("syzkaller", 0) = 3 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5089] munmap(0x7fa30fe43000, 524288) = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5089] close(3) = 0 [pid 5089] mkdir("./file0", 0777) = 0 [pid 5089] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5089] chdir("./file0") = 0 [pid 5089] ioctl(4, LOOP_CLR_FD) = 0 [pid 5089] close(4) = 0 [pid 5089] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... futex resumed>) = 1 [pid 5089] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5089] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... futex resumed>) = 1 [pid 5089] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5089] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... futex resumed>) = 0 [pid 5089] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5089] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 54.254113][ T5089] loop0: detected capacity change from 0 to 1024 [ 54.264180][ T5089] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 54.274674][ T5089] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 54.286766][ T5089] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5089] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5089] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5089] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] <... futex resumed>) = 0 [pid 5089] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5088] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5089] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5089] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] <... futex resumed>) = 0 [pid 5089] ftruncate(4, 31 [pid 5088] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... ftruncate resumed>) = 0 [pid 5089] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5089] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] <... futex resumed>) = 0 [pid 5089] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5088] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... open resumed>) = 7 [pid 5089] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5088] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... pwritev2 resumed>) = 20480 [pid 5089] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5089] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] exit_group(0 [pid 5089] <... futex resumed>) = ? [pid 5088] <... exit_group resumed>) = ? [pid 5089] +++ exited with 0 +++ [pid 5088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached , child_tidptr=0x55555702f5d0) = 5090 [pid 5090] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5090] chdir("./10") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5090] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5091 attached , parent_tid=[5091], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5091 [pid 5090] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] set_robust_list(0x7fa3182639e0, 24 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5091] <... set_robust_list resumed>) = 0 [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5091] munmap(0x7fa30fe43000, 524288) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./file0", 0777) = 0 [pid 5091] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./file0") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5091] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5091] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5091] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [ 54.456056][ T5091] loop0: detected capacity change from 0 to 1024 [ 54.466615][ T5091] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 54.476874][ T5091] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 54.489384][ T5091] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5091] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5091] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5091] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] ftruncate(4, 31) = 0 [pid 5091] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5091] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5090] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... open resumed>) = 7 [pid 5091] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5091] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5091] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] exit_group(0) = ? [pid 5091] <... futex resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached , child_tidptr=0x55555702f5d0) = 5092 [pid 5092] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5092] chdir("./11") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5092] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5093 attached , parent_tid=[5093], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5093 [pid 5092] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5093] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5093] memfd_create("syzkaller", 0) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5093] munmap(0x7fa30fe43000, 524288) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] mkdir("./file0", 0777) = 0 [ 54.657757][ T5093] loop0: detected capacity change from 0 to 1024 [ 54.677354][ T5093] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 54.687818][ T5093] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [pid 5093] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./file0") = 0 [pid 5093] ioctl(4, LOOP_CLR_FD) = 0 [pid 5093] close(4) = 0 [pid 5093] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [pid 5093] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5093] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [pid 5093] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5093] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [pid 5093] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5093] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [ 54.700444][ T5093] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5093] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5093] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5093] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5092] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5093] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5092] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] ftruncate(4, 31) = 0 [pid 5093] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5092] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... open resumed>) = 7 [pid 5093] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5093] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] exit_group(0 [pid 5093] <... futex resumed>) = ? [pid 5092] <... exit_group resumed>) = ? [pid 5093] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5094 ./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5094] chdir("./12") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5094] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5095 attached , parent_tid=[5095], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5095 [pid 5094] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5095] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5095] memfd_create("syzkaller", 0) = 3 [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5095] munmap(0x7fa30fe43000, 524288) = 0 [pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5095] close(3) = 0 [pid 5095] mkdir("./file0", 0777) = 0 [pid 5095] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5095] chdir("./file0") = 0 [pid 5095] ioctl(4, LOOP_CLR_FD) = 0 [pid 5095] close(4) = 0 [pid 5095] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 1 [pid 5095] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5095] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 1 [pid 5095] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5095] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 1 [pid 5095] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5095] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5095] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 54.858032][ T5095] loop0: detected capacity change from 0 to 1024 [ 54.868478][ T5095] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 54.878781][ T5095] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 54.891502][ T5095] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5095] sendfile(5, 6, NULL, 140737974943952 [pid 5094] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5094] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5094] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5094] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa30fea2000 [pid 5094] mprotect(0x7fa30fea3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] clone(child_stack=0x7fa30fec23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5096], tls=0x7fa30fec2700, child_tidptr=0x7fa30fec29d0) = 5096 [pid 5094] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x7fa30fec29e0, 24) = 0 [pid 5096] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5096] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5096] <... futex resumed>) = 1 [pid 5096] ftruncate(4, 31 [pid 5094] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... sendfile resumed>) = 65536 [pid 5095] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... ftruncate resumed>) = 0 [pid 5096] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5096] futex(0x7fa31833d7f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5094] <... futex resumed>) = 1 [pid 5095] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5094] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... open resumed>) = 7 [pid 5095] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5095] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5094] <... futex resumed>) = 0 [pid 5095] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5094] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5095] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5095] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] exit_group(0 [pid 5095] <... futex resumed>) = ? [pid 5094] <... exit_group resumed>) = ? [pid 5095] +++ exited with 0 +++ [pid 5096] <... futex resumed>) = ? [pid 5096] +++ exited with 0 +++ [pid 5094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5097 ./strace-static-x86_64: Process 5097 attached [pid 5097] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5097] chdir("./13") = 0 [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5097] setpgid(0, 0) = 0 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5097] write(3, "1000", 4) = 4 [pid 5097] close(3) = 0 [pid 5097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5097] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5097] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5097] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x7fa3182639e0, 24 [pid 5097] <... clone resumed>, parent_tid=[5098], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5098 [pid 5098] <... set_robust_list resumed>) = 0 [pid 5097] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5098] memfd_create("syzkaller", 0) = 3 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5098] munmap(0x7fa30fe43000, 524288) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5098] close(3) = 0 [pid 5098] mkdir("./file0", 0777) = 0 [pid 5098] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5098] chdir("./file0") = 0 [pid 5098] ioctl(4, LOOP_CLR_FD) = 0 [pid 5098] close(4) = 0 [pid 5098] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] <... futex resumed>) = 0 [pid 5098] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5097] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... open resumed>) = 4 [pid 5098] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5097] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... open resumed>) = 5 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5098] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5098] <... futex resumed>) = 1 [pid 5097] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] sendfile(5, 6, NULL, 140737974943952 [pid 5097] <... futex resumed>) = 0 [ 55.040535][ T5098] loop0: detected capacity change from 0 to 1024 [ 55.050593][ T5098] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 55.060906][ T5098] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 55.073141][ T5098] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5097] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... sendfile resumed>) = 65536 [pid 5098] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... futex resumed>) = 0 [pid 5098] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5098] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] <... futex resumed>) = 0 [pid 5098] ftruncate(4, 31 [pid 5097] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... ftruncate resumed>) = 0 [pid 5098] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] <... futex resumed>) = 0 [pid 5098] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5097] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... open resumed>) = 7 [pid 5098] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... pwritev2 resumed>) = 20480 [pid 5098] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] exit_group(0) = ? [pid 5098] <... futex resumed>) = ? [pid 5098] +++ exited with 0 +++ [pid 5097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5099 ./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5099] chdir("./14") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5099] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5100 attached , parent_tid=[5100], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5100 [pid 5099] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5100] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5100] munmap(0x7fa30fe43000, 524288) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] mkdir("./file0", 0777) = 0 [pid 5100] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] chdir("./file0") = 0 [pid 5100] ioctl(4, LOOP_CLR_FD) = 0 [pid 5100] close(4) = 0 [pid 5100] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 1 [pid 5100] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5100] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 1 [pid 5100] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5100] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5100] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 0 [pid 5100] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5100] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 0 [ 55.236426][ T5100] loop0: detected capacity change from 0 to 1024 [ 55.246101][ T5100] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 55.256359][ T5100] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 55.269318][ T5100] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5100] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5100] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5100] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] ftruncate(4, 31) = 0 [pid 5100] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5100] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5100] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5099] exit_group(0) = ? [pid 5100] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5101 ./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5101] chdir("./15") = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5101] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5101] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5102], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5102 [pid 5101] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5102] munmap(0x7fa30fe43000, 524288) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] mkdir("./file0", 0777) = 0 [pid 5102] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./file0") = 0 [pid 5102] ioctl(4, LOOP_CLR_FD) = 0 [pid 5102] close(4) = 0 [pid 5102] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... futex resumed>) = 1 [pid 5102] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5102] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5102] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... futex resumed>) = 1 [pid 5102] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5102] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... futex resumed>) = 1 [ 55.436072][ T5102] loop0: detected capacity change from 0 to 1024 [ 55.445508][ T5102] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 55.456118][ T5102] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 55.468710][ T5102] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5102] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5102] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] <... futex resumed>) = 0 [pid 5102] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5101] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5102] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5101] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] ftruncate(4, 31 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... ftruncate resumed>) = 0 [pid 5102] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5102] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5102] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] exit_group(0 [pid 5102] <... futex resumed>) = ? [pid 5101] <... exit_group resumed>) = ? [pid 5102] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5103 ./strace-static-x86_64: Process 5103 attached [pid 5103] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5103] chdir("./16") = 0 [pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5103] setpgid(0, 0) = 0 [pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5103] write(3, "1000", 4) = 4 [pid 5103] close(3) = 0 [pid 5103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5103] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5103] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5103] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5104], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5104 [pid 5103] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5104] memfd_create("syzkaller", 0) = 3 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5104] munmap(0x7fa30fe43000, 524288) = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5104] close(3) = 0 [pid 5104] mkdir("./file0", 0777) = 0 [pid 5104] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5104] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5104] chdir("./file0") = 0 [pid 5104] ioctl(4, LOOP_CLR_FD) = 0 [pid 5104] close(4) = 0 [pid 5104] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [pid 5104] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5104] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [pid 5104] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5104] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [pid 5104] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5104] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [ 55.634527][ T5104] loop0: detected capacity change from 0 to 1024 [ 55.644596][ T5104] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 55.654986][ T5104] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 55.667434][ T5104] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5104] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5104] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [pid 5104] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5104] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [pid 5104] ftruncate(4, 31) = 0 [pid 5104] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [pid 5104] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5104] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [pid 5104] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5104] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5104] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] exit_group(0) = ? [pid 5104] <... futex resumed>) = ? [pid 5104] +++ exited with 0 +++ [pid 5103] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5105 ./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5105] chdir("./17") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5105] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5105] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5106 attached , parent_tid=[5106], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5106 [pid 5105] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5106] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5106] munmap(0x7fa30fe43000, 524288) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] mkdir("./file0", 0777) = 0 [pid 5106] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./file0") = 0 [pid 5106] ioctl(4, LOOP_CLR_FD) = 0 [pid 5106] close(4) = 0 [pid 5106] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 1 [pid 5106] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5106] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 1 [pid 5106] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5106] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 1 [pid 5106] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5106] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 1 [ 55.796021][ T5106] loop0: detected capacity change from 0 to 1024 [ 55.805265][ T5106] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 55.815959][ T5106] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 55.827526][ T5106] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5106] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5106] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 0 [pid 5106] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5106] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5106] ftruncate(4, 31 [pid 5105] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... ftruncate resumed>) = 0 [pid 5106] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5106] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5105] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... pwritev2 resumed>) = 20480 [pid 5106] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] exit_group(0 [pid 5106] <... futex resumed>) = ? [pid 5105] <... exit_group resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5107 attached [pid 5107] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5107] chdir("./18") = 0 [pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5107] setpgid(0, 0) = 0 [pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5107] write(3, "1000", 4) = 4 [pid 5107] close(3) = 0 [pid 5107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5107] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5107] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x55555702f5d0) = 5107 [pid 5107] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5108 attached , parent_tid=[5108], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5108 [pid 5108] set_robust_list(0x7fa3182639e0, 24 [pid 5107] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... set_robust_list resumed>) = 0 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5108] memfd_create("syzkaller", 0) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5108] munmap(0x7fa30fe43000, 524288) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5108] close(3) = 0 [pid 5108] mkdir("./file0", 0777) = 0 [pid 5108] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5108] chdir("./file0") = 0 [pid 5108] ioctl(4, LOOP_CLR_FD) = 0 [pid 5108] close(4) = 0 [pid 5108] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5108] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5108] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... futex resumed>) = 1 [pid 5108] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5108] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... futex resumed>) = 1 [ 55.973692][ T5108] loop0: detected capacity change from 0 to 1024 [ 55.983465][ T5108] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 55.993940][ T5108] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 56.005611][ T5108] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5108] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5108] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... futex resumed>) = 1 [pid 5108] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5108] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] ftruncate(4, 31) = 0 [pid 5108] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5108] <... futex resumed>) = 1 [pid 5107] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5107] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... open resumed>) = 7 [pid 5108] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... futex resumed>) = 1 [pid 5108] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5108] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5107] exit_group(0) = ? [pid 5108] <... futex resumed>) = ? [pid 5108] +++ exited with 0 +++ [pid 5107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5109 ./strace-static-x86_64: Process 5109 attached [pid 5109] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5109] chdir("./19") = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5109] setpgid(0, 0) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5109] write(3, "1000", 4) = 4 [pid 5109] close(3) = 0 [pid 5109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5109] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5109] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5109] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5110], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5110 [pid 5109] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5110 attached [pid 5110] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5110] memfd_create("syzkaller", 0) = 3 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5110] munmap(0x7fa30fe43000, 524288) = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5110] close(3) = 0 [pid 5110] mkdir("./file0", 0777) = 0 [pid 5110] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5110] chdir("./file0") = 0 [pid 5110] ioctl(4, LOOP_CLR_FD) = 0 [pid 5110] close(4) = 0 [pid 5110] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... futex resumed>) = 1 [pid 5110] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5110] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... futex resumed>) = 1 [pid 5110] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5110] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... futex resumed>) = 1 [pid 5110] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5110] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... futex resumed>) = 1 [ 56.146929][ T5110] loop0: detected capacity change from 0 to 1024 [ 56.156593][ T5110] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 56.167054][ T5110] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 56.178591][ T5110] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5110] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5110] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5110] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... futex resumed>) = 0 [pid 5110] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5110] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5110] ftruncate(4, 31 [pid 5109] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... ftruncate resumed>) = 0 [pid 5110] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... open resumed>) = 7 [pid 5110] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... futex resumed>) = 1 [pid 5110] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5110] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = 0 [pid 5109] exit_group(0) = ? [pid 5110] <... futex resumed>) = ? [pid 5110] +++ exited with 0 +++ [pid 5109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5111 ./strace-static-x86_64: Process 5111 attached [pid 5111] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5111] chdir("./20") = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [pid 5111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5111] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5111] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5111] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5112 attached , parent_tid=[5112], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5112 [pid 5111] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5112] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5112] memfd_create("syzkaller", 0) = 3 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5112] munmap(0x7fa30fe43000, 524288) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5112] close(3) = 0 [pid 5112] mkdir("./file0", 0777) = 0 [pid 5112] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5112] chdir("./file0") = 0 [pid 5112] ioctl(4, LOOP_CLR_FD) = 0 [pid 5112] close(4) = 0 [pid 5112] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... futex resumed>) = 0 [pid 5112] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5112] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... futex resumed>) = 1 [pid 5112] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5112] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... futex resumed>) = 1 [pid 5112] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5112] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 56.333710][ T5112] loop0: detected capacity change from 0 to 1024 [ 56.343909][ T5112] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 56.354157][ T5112] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 56.365829][ T5112] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5112] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5112] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 1 [pid 5112] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5112] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] ftruncate(4, 31 [pid 5111] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... ftruncate resumed>) = 0 [pid 5112] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5112] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5111] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... open resumed>) = 7 [pid 5112] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... pwritev2 resumed>) = 20480 [pid 5112] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5111] exit_group(0) = ? [pid 5112] +++ exited with 0 +++ [pid 5111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5113 ./strace-static-x86_64: Process 5113 attached [pid 5113] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5113] chdir("./21") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5113] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5114 attached [pid 5114] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5113] <... clone resumed>, parent_tid=[5114], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5114 [pid 5114] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5114] munmap(0x7fa30fe43000, 524288) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] mkdir("./file0", 0777) = 0 [pid 5114] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./file0") = 0 [pid 5114] ioctl(4, LOOP_CLR_FD) = 0 [pid 5114] close(4) = 0 [pid 5114] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... futex resumed>) = 1 [pid 5114] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5114] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... futex resumed>) = 1 [pid 5114] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5114] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... futex resumed>) = 1 [pid 5114] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5114] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] sendfile(5, 6, NULL, 140737974943952 [pid 5113] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.529407][ T5114] loop0: detected capacity change from 0 to 1024 [ 56.539003][ T5114] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 56.549261][ T5114] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 56.561380][ T5114] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5113] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... sendfile resumed>) = 65536 [pid 5114] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5114] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] <... futex resumed>) = 0 [pid 5114] ftruncate(4, 31 [pid 5113] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... ftruncate resumed>) = 0 [pid 5114] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5114] <... futex resumed>) = 1 [pid 5113] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... open resumed>) = 7 [pid 5114] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] <... futex resumed>) = 0 [pid 5114] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5113] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... pwritev2 resumed>) = 20480 [pid 5114] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] exit_group(0) = ? [pid 5114] <... futex resumed>) = ? [pid 5114] +++ exited with 0 +++ [pid 5113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5115 ./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5115] chdir("./22") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5115] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5116 attached , parent_tid=[5116], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5116 [pid 5115] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] set_robust_list(0x7fa3182639e0, 24 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5116] <... set_robust_list resumed>) = 0 [pid 5116] memfd_create("syzkaller", 0) = 3 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5116] munmap(0x7fa30fe43000, 524288) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5116] close(3) = 0 [pid 5116] mkdir("./file0", 0777) = 0 [pid 5116] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5116] chdir("./file0") = 0 [pid 5116] ioctl(4, LOOP_CLR_FD) = 0 [pid 5116] close(4) = 0 [pid 5116] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5115] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... open resumed>) = 4 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5115] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... open resumed>) = 5 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5115] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] openat(-1, "/proc/self/exe", O_RDONLY [pid 5115] <... futex resumed>) = 0 [pid 5116] <... openat resumed>) = 6 [pid 5115] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] sendfile(5, 6, NULL, 140737974943952 [pid 5115] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.724202][ T5116] loop0: detected capacity change from 0 to 1024 [ 56.734009][ T5116] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 56.744249][ T5116] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 56.755912][ T5116] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5115] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... sendfile resumed>) = 65536 [pid 5116] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... futex resumed>) = 1 [pid 5116] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5116] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5115] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] ftruncate(4, 31 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... ftruncate resumed>) = 0 [pid 5116] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... open resumed>) = 7 [pid 5116] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5116] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] exit_group(0) = ? [pid 5116] <... futex resumed>) = ? [pid 5116] +++ exited with 0 +++ [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5117 ./strace-static-x86_64: Process 5117 attached [pid 5117] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5117] chdir("./23") = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5117] setpgid(0, 0) = 0 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4) = 4 [pid 5117] close(3) = 0 [pid 5117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5117] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5117] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5117] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5118], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5118 ./strace-static-x86_64: Process 5118 attached [pid 5117] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5118] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5118] memfd_create("syzkaller", 0) = 3 [pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5118] munmap(0x7fa30fe43000, 524288) = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5118] close(3) = 0 [pid 5118] mkdir("./file0", 0777) = 0 [pid 5118] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5118] chdir("./file0") = 0 [pid 5118] ioctl(4, LOOP_CLR_FD) = 0 [pid 5118] close(4) = 0 [pid 5118] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... futex resumed>) = 1 [pid 5118] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5118] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] <... futex resumed>) = 0 [pid 5117] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5118] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5118] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5118] openat(-1, "/proc/self/exe", O_RDONLY [pid 5117] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... openat resumed>) = 6 [pid 5118] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] sendfile(5, 6, NULL, 140737974943952 [pid 5117] <... futex resumed>) = 0 [ 56.915182][ T5118] loop0: detected capacity change from 0 to 1024 [ 56.924728][ T5118] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 56.934965][ T5118] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 56.946665][ T5118] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5117] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... sendfile resumed>) = 65536 [pid 5118] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] <... futex resumed>) = 0 [pid 5117] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5118] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] ftruncate(4, 31) = 0 [pid 5118] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5118] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5118] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5118] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] exit_group(0) = ? [pid 5118] <... futex resumed>) = ? [pid 5118] +++ exited with 0 +++ [pid 5117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5119 ./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5119] chdir("./24") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5119] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5120 attached , parent_tid=[5120], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5120 [pid 5119] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5120] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5120] munmap(0x7fa30fe43000, 524288) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file0", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file0") = 0 [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [pid 5120] close(4) = 0 [pid 5120] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 0 [pid 5120] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5120] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... open resumed>) = 5 [pid 5120] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] openat(-1, "/proc/self/exe", O_RDONLY [pid 5119] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... openat resumed>) = 6 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] sendfile(5, 6, NULL, 140737974943952 [pid 5119] <... futex resumed>) = 0 [ 57.117087][ T5120] loop0: detected capacity change from 0 to 1024 [ 57.128235][ T5120] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 57.138636][ T5120] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 57.150773][ T5120] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5119] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... sendfile resumed>) = 65536 [pid 5120] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5120] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] ftruncate(4, 31 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... ftruncate resumed>) = 0 [pid 5120] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 1 [pid 5120] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5120] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 1 [pid 5120] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5120] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5119] exit_group(0) = ? [pid 5120] <... futex resumed>) = ? [pid 5120] +++ exited with 0 +++ [pid 5119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5121 ./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5121] chdir("./25") = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5121] setpgid(0, 0) = 0 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5121] write(3, "1000", 4) = 4 [pid 5121] close(3) = 0 [pid 5121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5121] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5121] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5121] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5122 attached , parent_tid=[5122], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5122 [pid 5122] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5122] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5121] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5122] memfd_create("syzkaller", 0) = 3 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5122] munmap(0x7fa30fe43000, 524288) = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5122] close(3) = 0 [pid 5122] mkdir("./file0", 0777) = 0 [pid 5122] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5122] chdir("./file0") = 0 [pid 5122] ioctl(4, LOOP_CLR_FD) = 0 [pid 5122] close(4) = 0 [pid 5122] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5122] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... futex resumed>) = 1 [pid 5122] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5122] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... futex resumed>) = 1 [pid 5122] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5122] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... futex resumed>) = 1 [ 57.311663][ T5122] loop0: detected capacity change from 0 to 1024 [ 57.321768][ T5122] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 57.332226][ T5122] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 57.345256][ T5122] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5122] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5122] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] <... futex resumed>) = 0 [pid 5122] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5121] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5122] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] <... futex resumed>) = 0 [pid 5122] ftruncate(4, 31 [pid 5121] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... ftruncate resumed>) = 0 [pid 5122] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] <... futex resumed>) = 0 [pid 5122] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5121] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... open resumed>) = 7 [pid 5122] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... futex resumed>) = 1 [pid 5122] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5122] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5121] exit_group(0) = ? [pid 5122] <... futex resumed>) = ? [pid 5122] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5123 ./strace-static-x86_64: Process 5123 attached [pid 5123] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5123] chdir("./26") = 0 [pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5123] setpgid(0, 0) = 0 [pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5123] write(3, "1000", 4) = 4 [pid 5123] close(3) = 0 [pid 5123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5123] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5123] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5123] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5124], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5124 ./strace-static-x86_64: Process 5124 attached [pid 5124] set_robust_list(0x7fa3182639e0, 24 [pid 5123] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... set_robust_list resumed>) = 0 [pid 5124] memfd_create("syzkaller", 0 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5124] <... memfd_create resumed>) = 3 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5124] munmap(0x7fa30fe43000, 524288) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 57.436849][ T27] kauditd_printk_skb: 67 callbacks suppressed [ 57.436863][ T27] audit: type=1800 audit(1672320157.215:79): pid=5122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5124] close(3) = 0 [pid 5124] mkdir("./file0", 0777) = 0 [pid 5124] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5124] chdir("./file0") = 0 [pid 5124] ioctl(4, LOOP_CLR_FD) = 0 [pid 5124] close(4) = 0 [pid 5124] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 1 [ 57.515061][ T5124] loop0: detected capacity change from 0 to 1024 [ 57.525481][ T5124] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 57.535913][ T5124] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 57.548390][ T5124] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5124] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5124] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 1 [pid 5124] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5124] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 1 [pid 5124] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5124] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 1 [ 57.561565][ T27] audit: type=1800 audit(1672320157.335:80): pid=5124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5124] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5124] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 1 [pid 5124] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5124] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 1 [pid 5124] ftruncate(4, 31) = 0 [pid 5124] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 1 [pid 5124] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5124] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5124] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] exit_group(0) = ? [pid 5124] <... futex resumed>) = ? [pid 5124] +++ exited with 0 +++ [pid 5123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 57.597679][ T27] audit: type=1800 audit(1672320157.345:81): pid=5124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [ 57.634630][ T27] audit: type=1800 audit(1672320157.415:82): pid=5124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5125 ./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5125] chdir("./27") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5125] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5126 attached , parent_tid=[5126], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5126 [pid 5126] set_robust_list(0x7fa3182639e0, 24 [pid 5125] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... set_robust_list resumed>) = 0 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5126] munmap(0x7fa30fe43000, 524288) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file0", 0777) = 0 [pid 5126] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file0") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] <... futex resumed>) = 0 [pid 5126] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [ 57.724720][ T5126] loop0: detected capacity change from 0 to 1024 [ 57.735720][ T5126] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 57.745942][ T5126] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 57.757636][ T5126] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5125] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... open resumed>) = 4 [pid 5126] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5125] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... open resumed>) = 5 [pid 5126] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] <... futex resumed>) = 0 [pid 5126] openat(-1, "/proc/self/exe", O_RDONLY [pid 5125] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... openat resumed>) = 6 [pid 5126] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] <... futex resumed>) = 0 [pid 5126] sendfile(5, 6, NULL, 140737974943952 [pid 5125] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... sendfile resumed>) = 65536 [pid 5126] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 1 [pid 5126] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5126] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 1 [pid 5126] ftruncate(4, 31) = 0 [pid 5126] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 1 [ 57.778133][ T27] audit: type=1800 audit(1672320157.555:83): pid=5126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 57.799206][ T27] audit: type=1800 audit(1672320157.555:84): pid=5126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5126] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5126] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 0 [pid 5126] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5126] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5126] <... futex resumed>) = 1 [pid 5125] exit_group(0) = ? [pid 5126] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5127 ./strace-static-x86_64: Process 5127 attached [pid 5127] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5127] chdir("./28") = 0 [pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5127] setpgid(0, 0) = 0 [pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5127] write(3, "1000", 4) = 4 [pid 5127] close(3) = 0 [pid 5127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5127] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [ 57.857224][ T27] audit: type=1800 audit(1672320157.635:85): pid=5126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5127] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5127] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5128 attached , parent_tid=[5128], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5128 [pid 5127] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5128] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5128] memfd_create("syzkaller", 0) = 3 [pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5128] munmap(0x7fa30fe43000, 524288) = 0 [pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5128] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5128] close(3) = 0 [pid 5128] mkdir("./file0", 0777) = 0 [pid 5128] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5128] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5128] chdir("./file0") = 0 [pid 5128] ioctl(4, LOOP_CLR_FD) = 0 [pid 5128] close(4) = 0 [pid 5128] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5128] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [ 57.933927][ T5128] loop0: detected capacity change from 0 to 1024 [ 57.943552][ T5128] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 57.953990][ T5128] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 57.966361][ T5128] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5127] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... open resumed>) = 4 [pid 5128] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5128] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5128] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5128] openat(-1, "/proc/self/exe", O_RDONLY [pid 5127] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... openat resumed>) = 6 [pid 5127] <... futex resumed>) = 0 [pid 5128] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... futex resumed>) = 0 [pid 5127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] sendfile(5, 6, NULL, 140737974943952 [pid 5127] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.979315][ T27] audit: type=1800 audit(1672320157.755:86): pid=5128 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5127] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... sendfile resumed>) = 65536 [pid 5128] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... futex resumed>) = 1 [pid 5128] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5128] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [ 58.023092][ T27] audit: type=1800 audit(1672320157.795:87): pid=5128 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5127] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] ftruncate(4, 31) = 0 [pid 5128] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5128] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] <... futex resumed>) = 0 [pid 5127] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = 0 [pid 5127] <... futex resumed>) = 1 [pid 5128] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5127] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... pwritev2 resumed>) = 20480 [pid 5128] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5128] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] exit_group(0 [pid 5128] <... futex resumed>) = ? [pid 5127] <... exit_group resumed>) = ? [pid 5128] +++ exited with 0 +++ [pid 5127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 [ 58.076754][ T27] audit: type=1800 audit(1672320157.855:88): pid=5128 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5129 ./strace-static-x86_64: Process 5129 attached [pid 5129] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5129] chdir("./29") = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5129] setpgid(0, 0) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5129] write(3, "1000", 4) = 4 [pid 5129] close(3) = 0 [pid 5129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5129] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5129] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5130], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5130 [pid 5129] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5130 attached [pid 5130] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5130] memfd_create("syzkaller", 0) = 3 [pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5130] munmap(0x7fa30fe43000, 524288) = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5130] close(3) = 0 [pid 5130] mkdir("./file0", 0777) = 0 [pid 5130] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5130] chdir("./file0") = 0 [pid 5130] ioctl(4, LOOP_CLR_FD) = 0 [pid 5130] close(4) = 0 [pid 5130] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 0 [pid 5130] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5130] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] <... futex resumed>) = 1 [pid 5129] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5130] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [ 58.246285][ T5130] loop0: detected capacity change from 0 to 1024 [ 58.256532][ T5130] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 58.266848][ T5130] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 58.279258][ T5130] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5129] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [pid 5130] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5130] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5130] sendfile(5, 6, NULL, 140737974943952 [pid 5129] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... sendfile resumed>) = 65536 [pid 5130] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5130] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5130] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5130] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5130] <... futex resumed>) = 1 [pid 5130] ftruncate(4, 31 [pid 5129] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... ftruncate resumed>) = 0 [pid 5130] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5130] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5130] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5129] exit_group(0) = ? [pid 5130] +++ exited with 0 +++ [pid 5129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5131 ./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5131] chdir("./30") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5131] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5132], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5132 [pid 5131] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5132] memfd_create("syzkaller", 0) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5132] munmap(0x7fa30fe43000, 524288) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] mkdir("./file0", 0777) = 0 [pid 5132] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./file0") = 0 [pid 5132] ioctl(4, LOOP_CLR_FD) = 0 [pid 5132] close(4) = 0 [pid 5132] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = 1 [pid 5132] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5131] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... open resumed>) = 4 [pid 5132] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5132] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] openat(-1, "/proc/self/exe", O_RDONLY [pid 5131] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... openat resumed>) = 6 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] sendfile(5, 6, NULL, 140737974943952 [pid 5131] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.455960][ T5132] loop0: detected capacity change from 0 to 1024 [ 58.466121][ T5132] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 58.476396][ T5132] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 58.488323][ T5132] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5131] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... sendfile resumed>) = 65536 [pid 5132] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = 1 [pid 5131] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5132] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 1 [pid 5132] ftruncate(4, 31) = 0 [pid 5132] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5132] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 1 [pid 5132] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5132] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5132] <... futex resumed>) = 1 [pid 5131] exit_group(0) = ? [pid 5132] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5133 ./strace-static-x86_64: Process 5133 attached [pid 5133] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5133] chdir("./31") = 0 [pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5133] setpgid(0, 0) = 0 [pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5133] write(3, "1000", 4) = 4 [pid 5133] close(3) = 0 [pid 5133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5133] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5133] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5133] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5134], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5134 [pid 5133] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5134] memfd_create("syzkaller", 0) = 3 [pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5134] munmap(0x7fa30fe43000, 524288) = 0 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5134] close(3) = 0 [pid 5134] mkdir("./file0", 0777) = 0 [pid 5134] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5134] chdir("./file0") = 0 [pid 5134] ioctl(4, LOOP_CLR_FD) = 0 [pid 5134] close(4) = 0 [pid 5134] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5133] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... open resumed>) = 4 [pid 5134] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... futex resumed>) = 1 [pid 5134] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5134] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... futex resumed>) = 1 [pid 5134] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5134] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... futex resumed>) = 1 [ 58.628299][ T5134] loop0: detected capacity change from 0 to 1024 [ 58.637407][ T5134] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 58.647858][ T5134] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 58.660821][ T5134] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5134] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5134] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5134] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5133] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5134] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5134] ftruncate(4, 31 [pid 5133] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] <... ftruncate resumed>) = 0 [pid 5133] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5134] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5133] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... open resumed>) = 7 [pid 5134] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5133] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5134] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5133] exit_group(0) = ? [pid 5134] +++ exited with 0 +++ [pid 5133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5135 ./strace-static-x86_64: Process 5135 attached [pid 5135] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5135] chdir("./32") = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5135] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5135] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5135] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5136], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5136 ./strace-static-x86_64: Process 5136 attached [pid 5135] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5136] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5136] memfd_create("syzkaller", 0) = 3 [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5136] munmap(0x7fa30fe43000, 524288) = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5136] close(3) = 0 [pid 5136] mkdir("./file0", 0777) = 0 [pid 5136] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5136] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5136] chdir("./file0") = 0 [pid 5136] ioctl(4, LOOP_CLR_FD) = 0 [pid 5136] close(4) = 0 [pid 5136] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] <... futex resumed>) = 0 [pid 5135] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5136] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5136] <... futex resumed>) = 1 [pid 5135] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... open resumed>) = 5 [pid 5136] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5136] openat(-1, "/proc/self/exe", O_RDONLY [pid 5135] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... openat resumed>) = 6 [pid 5136] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5136] sendfile(5, 6, NULL, 140737974943952 [pid 5135] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.845663][ T5136] loop0: detected capacity change from 0 to 1024 [ 58.854940][ T5136] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 58.865296][ T5136] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 58.877557][ T5136] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5135] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... sendfile resumed>) = 65536 [pid 5136] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5136] <... futex resumed>) = 1 [pid 5135] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5136] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5136] <... futex resumed>) = 1 [pid 5135] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] ftruncate(4, 31) = 0 [pid 5136] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5136] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5135] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... open resumed>) = 7 [pid 5136] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5135] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... pwritev2 resumed>) = 20480 [pid 5136] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5135] exit_group(0) = ? [pid 5136] +++ exited with 0 +++ [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5137 ./strace-static-x86_64: Process 5137 attached [pid 5137] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5137] chdir("./33") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5137] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5137] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5138], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5138 [pid 5137] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5138 attached [pid 5138] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5138] memfd_create("syzkaller", 0) = 3 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5138] munmap(0x7fa30fe43000, 524288) = 0 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5138] close(3) = 0 [pid 5138] mkdir("./file0", 0777) = 0 [pid 5138] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5138] chdir("./file0") = 0 [pid 5138] ioctl(4, LOOP_CLR_FD) = 0 [pid 5138] close(4) = 0 [pid 5138] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5137] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... open resumed>) = 4 [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... futex resumed>) = 0 [pid 5137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5138] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5137] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... open resumed>) = 5 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] openat(-1, "/proc/self/exe", O_RDONLY [pid 5137] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... openat resumed>) = 6 [pid 5138] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] sendfile(5, 6, NULL, 140737974943952 [pid 5137] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 59.054775][ T5138] loop0: detected capacity change from 0 to 1024 [ 59.064087][ T5138] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 59.074288][ T5138] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 59.085821][ T5138] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5137] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... sendfile resumed>) = 65536 [pid 5138] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5138] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... futex resumed>) = 1 [pid 5138] ftruncate(4, 31) = 0 [pid 5138] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... futex resumed>) = 1 [pid 5138] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5138] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... futex resumed>) = 1 [pid 5138] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5138] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] exit_group(0 [pid 5138] <... futex resumed>) = ? [pid 5137] <... exit_group resumed>) = ? [pid 5138] +++ exited with 0 +++ [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5139 attached [pid 5139] set_robust_list(0x55555702f5e0, 24 [pid 5068] <... clone resumed>, child_tidptr=0x55555702f5d0) = 5139 [pid 5139] <... set_robust_list resumed>) = 0 [pid 5139] chdir("./34") = 0 [pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5139] setpgid(0, 0) = 0 [pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5139] write(3, "1000", 4) = 4 [pid 5139] close(3) = 0 [pid 5139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5139] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5139] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5139] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5140] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] <... clone resumed>, parent_tid=[5140], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5140 [pid 5139] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] memfd_create("syzkaller", 0 [pid 5139] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5140] <... memfd_create resumed>) = 3 [pid 5140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5140] munmap(0x7fa30fe43000, 524288) = 0 [pid 5140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5140] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5140] close(3) = 0 [pid 5140] mkdir("./file0", 0777) = 0 [pid 5140] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5140] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5140] chdir("./file0") = 0 [pid 5140] ioctl(4, LOOP_CLR_FD) = 0 [pid 5140] close(4) = 0 [pid 5140] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... futex resumed>) = 1 [pid 5140] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5140] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... futex resumed>) = 1 [pid 5140] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5140] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... futex resumed>) = 1 [pid 5140] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5140] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... futex resumed>) = 1 [ 59.227771][ T5140] loop0: detected capacity change from 0 to 1024 [ 59.237756][ T5140] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 59.248101][ T5140] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 59.260272][ T5140] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5140] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5140] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5139] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5140] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5139] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] ftruncate(4, 31 [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... ftruncate resumed>) = 0 [pid 5140] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5139] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... open resumed>) = 7 [pid 5140] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5139] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... pwritev2 resumed>) = 20480 [pid 5140] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5140] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] exit_group(0 [pid 5140] <... futex resumed>) = ? [pid 5139] <... exit_group resumed>) = ? [pid 5140] +++ exited with 0 +++ [pid 5139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5141 ./strace-static-x86_64: Process 5141 attached [pid 5141] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5141] chdir("./35") = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5141] setpgid(0, 0) = 0 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5141] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5141] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5141] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5142 attached [pid 5142] set_robust_list(0x7fa3182639e0, 24 [pid 5141] <... clone resumed>, parent_tid=[5142], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5142 [pid 5142] <... set_robust_list resumed>) = 0 [pid 5141] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5142] memfd_create("syzkaller", 0) = 3 [pid 5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5142] munmap(0x7fa30fe43000, 524288) = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5142] close(3) = 0 [pid 5142] mkdir("./file0", 0777) = 0 [pid 5142] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5142] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5142] chdir("./file0") = 0 [pid 5142] ioctl(4, LOOP_CLR_FD) = 0 [pid 5142] close(4) = 0 [pid 5142] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [pid 5142] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5142] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5142] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5141] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... open resumed>) = 5 [pid 5142] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [pid 5142] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5142] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [ 59.422025][ T5142] loop0: detected capacity change from 0 to 1024 [ 59.431343][ T5142] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 59.441805][ T5142] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 59.453736][ T5142] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5142] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5142] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5142] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5141] <... futex resumed>) = 0 [pid 5142] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5141] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5142] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] ftruncate(4, 31) = 0 [pid 5142] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5142] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5142] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5142] <... futex resumed>) = 1 [pid 5142] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] exit_group(0 [pid 5142] <... futex resumed>) = ? [pid 5141] <... exit_group resumed>) = ? [pid 5142] +++ exited with 0 +++ [pid 5141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5143 ./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5143] chdir("./36") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5143] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5144], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5144 [pid 5143] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5144] memfd_create("syzkaller", 0) = 3 [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5144] munmap(0x7fa30fe43000, 524288) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5144] close(3) = 0 [pid 5144] mkdir("./file0", 0777) = 0 [pid 5144] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5144] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5144] chdir("./file0") = 0 [pid 5144] ioctl(4, LOOP_CLR_FD) = 0 [pid 5144] close(4) = 0 [pid 5144] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... futex resumed>) = 1 [pid 5144] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5144] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... futex resumed>) = 1 [pid 5144] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5144] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... futex resumed>) = 1 [pid 5144] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5144] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... futex resumed>) = 1 [ 59.618188][ T5144] loop0: detected capacity change from 0 to 1024 [ 59.628616][ T5144] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 59.639292][ T5144] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 59.651607][ T5144] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5144] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5144] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... futex resumed>) = 0 [pid 5144] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5144] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] ftruncate(4, 31) = 0 [pid 5144] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5144] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5144] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] exit_group(0) = ? [pid 5144] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5145 ./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5145] chdir("./37") = 0 [pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5145] setpgid(0, 0) = 0 [pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5145] write(3, "1000", 4) = 4 [pid 5145] close(3) = 0 [pid 5145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5145] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5145] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5145] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5146] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] <... clone resumed>, parent_tid=[5146], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5146 [pid 5145] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5145] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5146] memfd_create("syzkaller", 0) = 3 [pid 5146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5146] munmap(0x7fa30fe43000, 524288) = 0 [pid 5146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5146] close(3) = 0 [pid 5146] mkdir("./file0", 0777) = 0 [pid 5146] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5146] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5146] chdir("./file0") = 0 [pid 5146] ioctl(4, LOOP_CLR_FD) = 0 [pid 5146] close(4) = 0 [pid 5146] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... futex resumed>) = 1 [pid 5146] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5146] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... futex resumed>) = 0 [pid 5146] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5146] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] openat(-1, "/proc/self/exe", O_RDONLY [pid 5145] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... openat resumed>) = 6 [pid 5146] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5146] sendfile(5, 6, NULL, 140737974943952 [pid 5145] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 59.820338][ T5146] loop0: detected capacity change from 0 to 1024 [ 59.830585][ T5146] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 59.840905][ T5146] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 59.852822][ T5146] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5145] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... sendfile resumed>) = 65536 [pid 5146] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5146] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] ftruncate(4, 31 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... ftruncate resumed>) = 0 [pid 5146] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5146] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5145] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... open resumed>) = 7 [pid 5146] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5146] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5145] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... pwritev2 resumed>) = 20480 [pid 5146] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] <... futex resumed>) = 0 [pid 5145] exit_group(0) = ? [pid 5146] <... futex resumed>) = ? [pid 5146] +++ exited with 0 +++ [pid 5145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5147 ./strace-static-x86_64: Process 5147 attached [pid 5147] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5147] chdir("./38") = 0 [pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5147] setpgid(0, 0) = 0 [pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5147] write(3, "1000", 4) = 4 [pid 5147] close(3) = 0 [pid 5147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5147] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5147] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5147] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5148], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5148 [pid 5147] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5148 attached [pid 5148] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5148] memfd_create("syzkaller", 0) = 3 [pid 5148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5148] munmap(0x7fa30fe43000, 524288) = 0 [pid 5148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5148] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5148] close(3) = 0 [pid 5148] mkdir("./file0", 0777) = 0 [pid 5148] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5148] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5148] chdir("./file0") = 0 [pid 5148] ioctl(4, LOOP_CLR_FD) = 0 [pid 5148] close(4) = 0 [pid 5148] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... futex resumed>) = 0 [pid 5148] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5148] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... futex resumed>) = 1 [pid 5148] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5148] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... futex resumed>) = 1 [pid 5148] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5148] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... futex resumed>) = 1 [ 60.028711][ T5148] loop0: detected capacity change from 0 to 1024 [ 60.038400][ T5148] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 60.048985][ T5148] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 60.061014][ T5148] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5148] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5148] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... futex resumed>) = 1 [pid 5148] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5148] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5148] <... futex resumed>) = 1 [pid 5147] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] ftruncate(4, 31) = 0 [pid 5148] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... futex resumed>) = 1 [pid 5148] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5148] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... futex resumed>) = 1 [pid 5148] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5148] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] exit_group(0) = ? [pid 5148] <... futex resumed>) = ? [pid 5148] +++ exited with 0 +++ [pid 5147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5149 ./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5149] chdir("./39") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5149] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5150], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5150 ./strace-static-x86_64: Process 5150 attached [pid 5150] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5150] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5150] memfd_create("syzkaller", 0) = 3 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5149] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5150] munmap(0x7fa30fe43000, 524288) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5150] close(3) = 0 [pid 5150] mkdir("./file0", 0777) = 0 [pid 5150] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5150] chdir("./file0") = 0 [pid 5150] ioctl(4, LOOP_CLR_FD) = 0 [pid 5150] close(4) = 0 [pid 5150] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... futex resumed>) = 1 [pid 5150] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5150] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5150] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] openat(-1, "/proc/self/exe", O_RDONLY [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... openat resumed>) = 6 [pid 5150] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] sendfile(5, 6, NULL, 140737974943952 [pid 5149] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 60.188585][ T5150] loop0: detected capacity change from 0 to 1024 [ 60.200237][ T5150] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 60.210507][ T5150] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 60.221955][ T5150] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5149] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... sendfile resumed>) = 65536 [pid 5150] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... futex resumed>) = 0 [pid 5150] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5150] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5150] ftruncate(4, 31 [pid 5149] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... ftruncate resumed>) = 0 [pid 5150] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5149] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... open resumed>) = 7 [pid 5150] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5150] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5150] <... futex resumed>) = 1 [pid 5149] exit_group(0 [pid 5150] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5149] <... exit_group resumed>) = ? [pid 5150] +++ exited with 0 +++ [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5151 ./strace-static-x86_64: Process 5151 attached [pid 5151] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5151] chdir("./40") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5151] setpgid(0, 0) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5151] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5151] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5151] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5152 attached , parent_tid=[5152], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5152 [pid 5151] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5152] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5152] memfd_create("syzkaller", 0) = 3 [pid 5152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5152] munmap(0x7fa30fe43000, 524288) = 0 [pid 5152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5152] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5152] close(3) = 0 [pid 5152] mkdir("./file0", 0777) = 0 [pid 5152] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5152] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5152] chdir("./file0") = 0 [pid 5152] ioctl(4, LOOP_CLR_FD) = 0 [pid 5152] close(4) = 0 [pid 5152] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... futex resumed>) = 0 [pid 5152] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5152] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... futex resumed>) = 1 [pid 5152] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5152] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5152] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 60.369289][ T5152] loop0: detected capacity change from 0 to 1024 [ 60.380706][ T5152] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 60.391325][ T5152] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 60.403308][ T5152] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5152] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5152] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... futex resumed>) = 1 [pid 5152] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5152] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... futex resumed>) = 1 [pid 5152] ftruncate(4, 31) = 0 [pid 5152] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... futex resumed>) = 1 [pid 5152] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5152] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... futex resumed>) = 1 [pid 5152] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5152] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5151] exit_group(0) = ? [pid 5152] <... futex resumed>) = ? [pid 5152] +++ exited with 0 +++ [pid 5151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5153 ./strace-static-x86_64: Process 5153 attached [pid 5153] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5153] chdir("./41") = 0 [pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5153] setpgid(0, 0) = 0 [pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5153] write(3, "1000", 4) = 4 [pid 5153] close(3) = 0 [pid 5153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5153] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5153] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5153] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5154 attached , parent_tid=[5154], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5154 [pid 5154] set_robust_list(0x7fa3182639e0, 24 [pid 5153] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... set_robust_list resumed>) = 0 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5154] memfd_create("syzkaller", 0) = 3 [pid 5154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5154] munmap(0x7fa30fe43000, 524288) = 0 [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5154] close(3) = 0 [pid 5154] mkdir("./file0", 0777) = 0 [pid 5154] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5154] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5154] chdir("./file0") = 0 [pid 5154] ioctl(4, LOOP_CLR_FD) = 0 [pid 5154] close(4) = 0 [pid 5154] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... futex resumed>) = 0 [pid 5154] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5154] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... futex resumed>) = 1 [pid 5154] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5154] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... futex resumed>) = 0 [pid 5154] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5154] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... futex resumed>) = 1 [ 60.537654][ T5154] loop0: detected capacity change from 0 to 1024 [ 60.547974][ T5154] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 60.558171][ T5154] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 60.569614][ T5154] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5154] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5154] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5154] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5154] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5153] <... futex resumed>) = 0 [pid 5154] ftruncate(4, 31 [pid 5153] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... ftruncate resumed>) = 0 [pid 5154] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5154] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5154] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5153] exit_group(0) = ? [pid 5154] +++ exited with 0 +++ [pid 5153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5153, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5155 attached , child_tidptr=0x55555702f5d0) = 5155 [pid 5155] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5155] chdir("./42") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5155] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5155] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5156], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5156 [pid 5155] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5156 attached [pid 5156] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5156] memfd_create("syzkaller", 0) = 3 [pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5156] munmap(0x7fa30fe43000, 524288) = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5156] close(3) = 0 [pid 5156] mkdir("./file0", 0777) = 0 [pid 5156] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5156] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5156] chdir("./file0") = 0 [pid 5156] ioctl(4, LOOP_CLR_FD) = 0 [pid 5156] close(4) = 0 [pid 5156] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 1 [pid 5156] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5156] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 0 [pid 5156] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5156] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 1 [pid 5156] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5156] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 1 [ 60.733468][ T5156] loop0: detected capacity change from 0 to 1024 [ 60.743638][ T5156] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 60.754011][ T5156] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 60.765517][ T5156] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5156] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5156] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5156] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] ftruncate(4, 31) = 0 [pid 5156] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5156] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5156] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] exit_group(0) = ? [pid 5156] +++ exited with 0 +++ [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5157 ./strace-static-x86_64: Process 5157 attached [pid 5157] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5157] chdir("./43") = 0 [pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5157] setpgid(0, 0) = 0 [pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5157] write(3, "1000", 4) = 4 [pid 5157] close(3) = 0 [pid 5157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5157] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5157] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5157] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5158], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5158 [pid 5157] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5158 attached [pid 5158] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5158] memfd_create("syzkaller", 0) = 3 [pid 5158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5158] munmap(0x7fa30fe43000, 524288) = 0 [pid 5158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5158] close(3) = 0 [pid 5158] mkdir("./file0", 0777) = 0 [pid 5158] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5158] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5158] chdir("./file0") = 0 [pid 5158] ioctl(4, LOOP_CLR_FD) = 0 [pid 5158] close(4) = 0 [pid 5158] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = 0 [pid 5157] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... futex resumed>) = 1 [pid 5158] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5158] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = 0 [pid 5157] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... futex resumed>) = 1 [pid 5158] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5158] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = 0 [pid 5157] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... futex resumed>) = 1 [pid 5158] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5158] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = 0 [pid 5157] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... futex resumed>) = 1 [ 60.924970][ T5158] loop0: detected capacity change from 0 to 1024 [ 60.934413][ T5158] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 60.944756][ T5158] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 60.956417][ T5158] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5158] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5158] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = 0 [pid 5157] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... futex resumed>) = 1 [pid 5158] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5158] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] <... futex resumed>) = 0 [pid 5157] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] ftruncate(4, 31 [pid 5157] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... ftruncate resumed>) = 0 [pid 5158] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5157] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5157] <... futex resumed>) = 0 [pid 5157] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... open resumed>) = 7 [pid 5158] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5158] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5158] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = 0 [pid 5158] <... futex resumed>) = 1 [pid 5158] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] exit_group(0 [pid 5158] <... futex resumed>) = ? [pid 5157] <... exit_group resumed>) = ? [pid 5158] +++ exited with 0 +++ [pid 5157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5159 ./strace-static-x86_64: Process 5159 attached [pid 5159] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5159] chdir("./44") = 0 [pid 5159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5159] setpgid(0, 0) = 0 [pid 5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5159] write(3, "1000", 4) = 4 [pid 5159] close(3) = 0 [pid 5159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5159] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5159] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5159] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5160], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5160 [pid 5159] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5160 attached [pid 5160] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5160] memfd_create("syzkaller", 0) = 3 [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5160] munmap(0x7fa30fe43000, 524288) = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5160] close(3) = 0 [pid 5160] mkdir("./file0", 0777) = 0 [pid 5160] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5160] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5160] chdir("./file0") = 0 [pid 5160] ioctl(4, LOOP_CLR_FD) = 0 [pid 5160] close(4) = 0 [pid 5160] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... futex resumed>) = 1 [pid 5160] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5160] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... futex resumed>) = 1 [pid 5160] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5160] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... futex resumed>) = 1 [pid 5160] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5160] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 61.097034][ T5160] loop0: detected capacity change from 0 to 1024 [ 61.107259][ T5160] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 61.117871][ T5160] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 61.129926][ T5160] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5160] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5160] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5160] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5159] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] <... futex resumed>) = 0 [pid 5160] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5159] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5160] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] ftruncate(4, 31) = 0 [pid 5160] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5160] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5160] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5160] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5159] exit_group(0 [pid 5160] <... futex resumed>) = ? [pid 5159] <... exit_group resumed>) = ? [pid 5160] +++ exited with 0 +++ [pid 5159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5159, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5161 ./strace-static-x86_64: Process 5161 attached [pid 5161] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5161] chdir("./45") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5161] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5162 attached , parent_tid=[5162], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5162 [pid 5162] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5162] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5161] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5162] memfd_create("syzkaller", 0) = 3 [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5162] munmap(0x7fa30fe43000, 524288) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5162] close(3) = 0 [pid 5162] mkdir("./file0", 0777) = 0 [pid 5162] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5162] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5162] chdir("./file0") = 0 [pid 5162] ioctl(4, LOOP_CLR_FD) = 0 [pid 5162] close(4) = 0 [pid 5162] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5162] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5161] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] <... open resumed>) = 4 [pid 5161] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5162] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5161] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] <... open resumed>) = 5 [pid 5161] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... futex resumed>) = 1 [pid 5162] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5162] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5162] sendfile(5, 6, NULL, 140737974943952 [pid 5161] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.286315][ T5162] loop0: detected capacity change from 0 to 1024 [ 61.296250][ T5162] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 61.306680][ T5162] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 61.318853][ T5162] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5161] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... sendfile resumed>) = 65536 [pid 5162] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] <... futex resumed>) = 1 [pid 5162] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5161] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5162] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] ftruncate(4, 31 [pid 5161] <... futex resumed>) = 0 [pid 5162] <... ftruncate resumed>) = 0 [pid 5162] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5161] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 0 [pid 5161] <... futex resumed>) = 1 [pid 5162] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5161] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... open resumed>) = 7 [pid 5162] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5162] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5161] <... futex resumed>) = 0 [pid 5162] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5161] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... pwritev2 resumed>) = 20480 [pid 5162] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5162] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] exit_group(0 [pid 5162] <... futex resumed>) = ? [pid 5161] <... exit_group resumed>) = ? [pid 5162] +++ exited with 0 +++ [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5163 ./strace-static-x86_64: Process 5163 attached [pid 5163] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5163] chdir("./46") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5163] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5163] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5164 attached , parent_tid=[5164], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5164 [pid 5163] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5164] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5164] memfd_create("syzkaller", 0) = 3 [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5164] munmap(0x7fa30fe43000, 524288) = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5164] close(3) = 0 [pid 5164] mkdir("./file0", 0777) = 0 [pid 5164] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5164] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5164] chdir("./file0") = 0 [pid 5164] ioctl(4, LOOP_CLR_FD) = 0 [pid 5164] close(4) = 0 [pid 5164] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5163] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... open resumed>) = 4 [pid 5164] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5163] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... open resumed>) = 5 [pid 5164] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5163] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] openat(-1, "/proc/self/exe", O_RDONLY [pid 5163] <... futex resumed>) = 0 [pid 5164] <... openat resumed>) = 6 [pid 5163] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] sendfile(5, 6, NULL, 140737974943952 [pid 5163] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.454617][ T5164] loop0: detected capacity change from 0 to 1024 [ 61.464793][ T5164] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 61.475335][ T5164] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 61.487042][ T5164] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5163] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... sendfile resumed>) = 65536 [pid 5164] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... futex resumed>) = 0 [pid 5164] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5164] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] <... futex resumed>) = 0 [pid 5164] ftruncate(4, 31 [pid 5163] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... ftruncate resumed>) = 0 [pid 5164] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5163] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... open resumed>) = 7 [pid 5164] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5164] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5163] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... pwritev2 resumed>) = 20480 [pid 5164] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5164] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] exit_group(0) = ? [pid 5164] <... futex resumed>) = ? [pid 5164] +++ exited with 0 +++ [pid 5163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5165 ./strace-static-x86_64: Process 5165 attached [pid 5165] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5165] chdir("./47") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5165] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5165] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5166], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5166 [pid 5165] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5166] memfd_create("syzkaller", 0) = 3 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5166] munmap(0x7fa30fe43000, 524288) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5166] close(3) = 0 [pid 5166] mkdir("./file0", 0777) = 0 [pid 5166] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5166] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5166] chdir("./file0") = 0 [pid 5166] ioctl(4, LOOP_CLR_FD) = 0 [pid 5166] close(4) = 0 [pid 5166] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 1 [pid 5166] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5166] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5166] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 0 [pid 5166] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5166] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5166] openat(-1, "/proc/self/exe", O_RDONLY [pid 5165] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... openat resumed>) = 6 [pid 5166] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5166] sendfile(5, 6, NULL, 140737974943952 [pid 5165] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.628447][ T5166] loop0: detected capacity change from 0 to 1024 [ 61.638560][ T5166] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 61.648930][ T5166] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 61.661558][ T5166] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5165] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... sendfile resumed>) = 65536 [pid 5166] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5166] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] ftruncate(4, 31) = 0 [pid 5166] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5166] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5166] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5165] exit_group(0) = ? [pid 5166] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5167 ./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5167] chdir("./48") = 0 [pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5167] setpgid(0, 0) = 0 [pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5167] write(3, "1000", 4) = 4 [pid 5167] close(3) = 0 [pid 5167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5167] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5167] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5167] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5168 attached , parent_tid=[5168], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5168 [pid 5167] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5168] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5168] memfd_create("syzkaller", 0) = 3 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5168] munmap(0x7fa30fe43000, 524288) = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5168] close(3) = 0 [pid 5168] mkdir("./file0", 0777) = 0 [pid 5168] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5168] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5168] chdir("./file0") = 0 [pid 5168] ioctl(4, LOOP_CLR_FD) = 0 [pid 5168] close(4) = 0 [pid 5168] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... futex resumed>) = 0 [pid 5168] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5168] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... futex resumed>) = 1 [pid 5168] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5168] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... futex resumed>) = 0 [pid 5168] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5168] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 61.823715][ T5168] loop0: detected capacity change from 0 to 1024 [ 61.834163][ T5168] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 61.844924][ T5168] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 61.857786][ T5168] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5168] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5168] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5168] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... futex resumed>) = 1 [pid 5168] ftruncate(4, 31) = 0 [pid 5168] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... futex resumed>) = 1 [pid 5168] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5168] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... futex resumed>) = 1 [pid 5168] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5168] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5167] exit_group(0) = ? [pid 5168] <... futex resumed>) = ? [pid 5168] +++ exited with 0 +++ [pid 5167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5169 ./strace-static-x86_64: Process 5169 attached [pid 5169] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5169] chdir("./49") = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5169] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5169] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5170 attached , parent_tid=[5170], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5170 [pid 5170] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5170] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5169] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5170] memfd_create("syzkaller", 0) = 3 [pid 5170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5170] munmap(0x7fa30fe43000, 524288) = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5170] close(3) = 0 [pid 5170] mkdir("./file0", 0777) = 0 [pid 5170] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5170] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5170] chdir("./file0") = 0 [pid 5170] ioctl(4, LOOP_CLR_FD) = 0 [pid 5170] close(4) = 0 [pid 5170] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5170] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... futex resumed>) = 1 [pid 5170] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5170] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5170] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... futex resumed>) = 1 [ 62.018714][ T5170] loop0: detected capacity change from 0 to 1024 [ 62.029819][ T5170] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 62.040641][ T5170] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 62.053527][ T5170] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5170] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5170] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5169] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5170] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] ftruncate(4, 31 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... ftruncate resumed>) = 0 [pid 5170] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = 1 [pid 5170] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5169] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... open resumed>) = 7 [pid 5170] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = 1 [pid 5170] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5169] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... pwritev2 resumed>) = 20480 [pid 5170] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] exit_group(0 [pid 5170] <... futex resumed>) = ? [pid 5169] <... exit_group resumed>) = ? [pid 5170] +++ exited with 0 +++ [pid 5169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5171 ./strace-static-x86_64: Process 5171 attached [pid 5171] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5171] chdir("./50") = 0 [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5171] setpgid(0, 0) = 0 [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5171] write(3, "1000", 4) = 4 [pid 5171] close(3) = 0 [pid 5171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5171] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5171] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5171] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5172], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5172 [pid 5171] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5172 attached [pid 5172] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5172] memfd_create("syzkaller", 0) = 3 [pid 5172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5172] munmap(0x7fa30fe43000, 524288) = 0 [pid 5172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5172] close(3) = 0 [pid 5172] mkdir("./file0", 0777) = 0 [pid 5172] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5172] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5172] chdir("./file0") = 0 [pid 5172] ioctl(4, LOOP_CLR_FD) = 0 [pid 5172] close(4) = 0 [pid 5172] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... futex resumed>) = 1 [pid 5172] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5172] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... futex resumed>) = 1 [pid 5172] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5172] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] openat(-1, "/proc/self/exe", O_RDONLY [pid 5171] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... openat resumed>) = 6 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5171] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... futex resumed>) = 0 [ 62.218587][ T5172] loop0: detected capacity change from 0 to 1024 [ 62.228271][ T5172] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 62.238919][ T5172] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 62.251819][ T5172] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5172] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5172] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... futex resumed>) = 1 [pid 5172] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5172] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... futex resumed>) = 1 [pid 5172] ftruncate(4, 31) = 0 [pid 5172] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... futex resumed>) = 0 [pid 5172] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5172] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5172] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] exit_group(0 [pid 5172] <... futex resumed>) = ? [pid 5171] <... exit_group resumed>) = ? [pid 5172] +++ exited with 0 +++ [pid 5171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5171, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5173 ./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5173] chdir("./51") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5173] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5174 attached , parent_tid=[5174], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5174 [pid 5174] set_robust_list(0x7fa3182639e0, 24 [pid 5173] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... set_robust_list resumed>) = 0 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5174] memfd_create("syzkaller", 0) = 3 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5174] munmap(0x7fa30fe43000, 524288) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5174] close(3) = 0 [pid 5174] mkdir("./file0", 0777) = 0 [pid 5174] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5174] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5174] chdir("./file0") = 0 [pid 5174] ioctl(4, LOOP_CLR_FD) = 0 [pid 5174] close(4) = 0 [pid 5174] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... futex resumed>) = 0 [ 62.393979][ T5174] loop0: detected capacity change from 0 to 1024 [ 62.404116][ T5174] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 62.414504][ T5174] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 62.426979][ T5174] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5174] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5174] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... futex resumed>) = 1 [pid 5174] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5174] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... futex resumed>) = 1 [pid 5174] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5174] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5173] <... futex resumed>) = 0 [pid 5174] sendfile(5, 6, NULL, 140737974943952 [pid 5173] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... sendfile resumed>) = 65536 [pid 5174] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5174] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5173] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5174] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 62.448471][ T27] kauditd_printk_skb: 66 callbacks suppressed [ 62.448484][ T27] audit: type=1800 audit(1672320162.225:155): pid=5174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 62.476264][ T27] audit: type=1800 audit(1672320162.235:156): pid=5174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5174] ftruncate(4, 31) = 0 [pid 5174] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... open resumed>) = 7 [pid 5174] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5174] <... futex resumed>) = 1 [pid 5173] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... pwritev2 resumed>) = 20480 [pid 5174] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5173] exit_group(0) = ? [pid 5174] <... futex resumed>) = ? [pid 5174] +++ exited with 0 +++ [pid 5173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5175 ./strace-static-x86_64: Process 5175 attached [pid 5175] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5175] chdir("./52") = 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5175] setpgid(0, 0) = 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5175] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5175] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5175] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5176 attached [pid 5176] set_robust_list(0x7fa3182639e0, 24) = 0 [ 62.531219][ T27] audit: type=1800 audit(1672320162.305:157): pid=5174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5176] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... clone resumed>, parent_tid=[5176], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5176 [pid 5175] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5175] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5176] memfd_create("syzkaller", 0) = 3 [pid 5176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5176] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5176] munmap(0x7fa30fe43000, 524288) = 0 [pid 5176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5176] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5176] close(3) = 0 [pid 5176] mkdir("./file0", 0777) = 0 [pid 5176] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5176] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5176] chdir("./file0") = 0 [pid 5176] ioctl(4, LOOP_CLR_FD) = 0 [pid 5176] close(4) = 0 [pid 5176] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] <... futex resumed>) = 0 [pid 5176] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [ 62.605962][ T5176] loop0: detected capacity change from 0 to 1024 [ 62.615971][ T5176] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 62.626233][ T5176] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 62.638534][ T5176] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5175] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... open resumed>) = 4 [pid 5176] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... futex resumed>) = 0 [pid 5176] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5176] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... futex resumed>) = 1 [pid 5176] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5176] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] sendfile(5, 6, NULL, 140737974943952 [pid 5175] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... sendfile resumed>) = 65536 [pid 5176] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5176] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5175] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5176] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] ftruncate(4, 31 [ 62.659624][ T27] audit: type=1800 audit(1672320162.435:158): pid=5176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 62.681031][ T27] audit: type=1800 audit(1672320162.435:159): pid=5176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5175] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... ftruncate resumed>) = 0 [pid 5176] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5175] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... open resumed>) = 7 [pid 5176] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... futex resumed>) = 1 [pid 5176] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5176] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5175] exit_group(0) = ? [pid 5176] +++ exited with 0 +++ [pid 5175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 62.732917][ T27] audit: type=1800 audit(1672320162.515:160): pid=5176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5177 ./strace-static-x86_64: Process 5177 attached [pid 5177] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5177] chdir("./53") = 0 [pid 5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5177] setpgid(0, 0) = 0 [pid 5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5177] write(3, "1000", 4) = 4 [pid 5177] close(3) = 0 [pid 5177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5177] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5177] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5177] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5178 attached [pid 5178] set_robust_list(0x7fa3182639e0, 24 [pid 5177] <... clone resumed>, parent_tid=[5178], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5178 [pid 5178] <... set_robust_list resumed>) = 0 [pid 5177] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5178] memfd_create("syzkaller", 0) = 3 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5178] munmap(0x7fa30fe43000, 524288) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5178] close(3) = 0 [pid 5178] mkdir("./file0", 0777) = 0 [pid 5178] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5178] chdir("./file0") = 0 [pid 5178] ioctl(4, LOOP_CLR_FD) = 0 [pid 5178] close(4) = 0 [pid 5178] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... futex resumed>) = 0 [ 62.816461][ T5178] loop0: detected capacity change from 0 to 1024 [ 62.827201][ T5178] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 62.837795][ T5178] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 62.849989][ T5178] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5178] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5178] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... futex resumed>) = 0 [pid 5178] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5178] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... futex resumed>) = 1 [pid 5178] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5178] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... futex resumed>) = 1 [pid 5178] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5178] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... futex resumed>) = 1 [pid 5178] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5178] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = 0 [pid 5177] <... futex resumed>) = 1 [pid 5177] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] ftruncate(4, 31) = 0 [ 62.865474][ T27] audit: type=1800 audit(1672320162.645:161): pid=5178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 62.886763][ T27] audit: type=1800 audit(1672320162.665:162): pid=5178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5178] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5178] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5178] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] <... futex resumed>) = 0 [pid 5178] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5177] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... pwritev2 resumed>) = 20480 [pid 5178] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5178] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] exit_group(0) = ? [pid 5178] <... futex resumed>) = ? [pid 5178] +++ exited with 0 +++ [pid 5177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5177, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 62.949531][ T27] audit: type=1800 audit(1672320162.725:163): pid=5178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5179 attached , child_tidptr=0x55555702f5d0) = 5179 [pid 5179] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5179] chdir("./54") = 0 [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5179] setpgid(0, 0) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5179] write(3, "1000", 4) = 4 [pid 5179] close(3) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5179] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5179] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5179] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5180], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5180 [pid 5179] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5180 attached [pid 5180] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5180] memfd_create("syzkaller", 0) = 3 [pid 5180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5180] munmap(0x7fa30fe43000, 524288) = 0 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5180] close(3) = 0 [pid 5180] mkdir("./file0", 0777) = 0 [pid 5180] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5180] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5180] chdir("./file0") = 0 [pid 5180] ioctl(4, LOOP_CLR_FD) = 0 [pid 5180] close(4) = 0 [pid 5180] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 63.056820][ T5180] loop0: detected capacity change from 0 to 1024 [ 63.066922][ T5180] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 63.077318][ T5180] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 63.089319][ T5180] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5180] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5180] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5179] <... futex resumed>) = 1 [pid 5180] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5179] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... open resumed>) = 5 [pid 5180] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] <... futex resumed>) = 0 [pid 5180] openat(-1, "/proc/self/exe", O_RDONLY [pid 5179] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... openat resumed>) = 6 [pid 5180] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] sendfile(5, 6, NULL, 140737974943952 [pid 5179] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... sendfile resumed>) = 65536 [pid 5180] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5180] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5180] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [ 63.117801][ T27] audit: type=1800 audit(1672320162.895:164): pid=5180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5179] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] ftruncate(4, 31 [pid 5179] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... ftruncate resumed>) = 0 [pid 5180] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5179] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... open resumed>) = 7 [pid 5180] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... pwritev2 resumed>) = 20480 [pid 5180] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] exit_group(0 [pid 5180] <... futex resumed>) = ? [pid 5179] <... exit_group resumed>) = ? [pid 5180] +++ exited with 0 +++ [pid 5179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5181 ./strace-static-x86_64: Process 5181 attached [pid 5181] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5181] chdir("./55") = 0 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5181] setpgid(0, 0) = 0 [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5181] write(3, "1000", 4) = 4 [pid 5181] close(3) = 0 [pid 5181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5181] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5181] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5181] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5182], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5182 ./strace-static-x86_64: Process 5182 attached [pid 5182] set_robust_list(0x7fa3182639e0, 24 [pid 5181] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... set_robust_list resumed>) = 0 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5182] memfd_create("syzkaller", 0) = 3 [pid 5182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5182] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5182] munmap(0x7fa30fe43000, 524288) = 0 [pid 5182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5182] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5182] close(3) = 0 [pid 5182] mkdir("./file0", 0777) = 0 [pid 5182] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5182] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5182] chdir("./file0") = 0 [pid 5182] ioctl(4, LOOP_CLR_FD) = 0 [pid 5182] close(4) = 0 [pid 5182] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... futex resumed>) = 1 [pid 5182] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5182] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... futex resumed>) = 1 [pid 5182] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5182] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... futex resumed>) = 1 [pid 5182] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5182] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5182] <... futex resumed>) = 1 [pid 5181] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] sendfile(5, 6, NULL, 140737974943952 [pid 5181] <... futex resumed>) = 0 [ 63.247175][ T5182] loop0: detected capacity change from 0 to 1024 [ 63.258320][ T5182] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 63.269649][ T5182] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 63.282270][ T5182] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5181] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... sendfile resumed>) = 65536 [pid 5182] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... futex resumed>) = 1 [pid 5182] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5182] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... futex resumed>) = 1 [pid 5182] ftruncate(4, 31) = 0 [pid 5182] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5182] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5181] <... futex resumed>) = 0 [pid 5182] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5181] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... open resumed>) = 7 [pid 5182] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5182] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5181] <... futex resumed>) = 0 [pid 5182] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5181] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... pwritev2 resumed>) = 20480 [pid 5182] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5181] exit_group(0) = ? [pid 5182] +++ exited with 0 +++ [pid 5181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5183 ./strace-static-x86_64: Process 5183 attached [pid 5183] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5183] chdir("./56") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5183] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5184 attached , parent_tid=[5184], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5184 [pid 5184] set_robust_list(0x7fa3182639e0, 24 [pid 5183] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5184] <... set_robust_list resumed>) = 0 [pid 5184] memfd_create("syzkaller", 0) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5184] munmap(0x7fa30fe43000, 524288) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5184] close(3) = 0 [pid 5184] mkdir("./file0", 0777) = 0 [pid 5184] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5184] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] chdir("./file0") = 0 [pid 5184] ioctl(4, LOOP_CLR_FD) = 0 [pid 5184] close(4) = 0 [pid 5184] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = 1 [pid 5184] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5183] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... open resumed>) = 4 [pid 5184] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5183] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... open resumed>) = 5 [pid 5184] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5184] openat(-1, "/proc/self/exe", O_RDONLY [pid 5183] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... openat resumed>) = 6 [pid 5184] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] sendfile(5, 6, NULL, 140737974943952 [pid 5183] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.441076][ T5184] loop0: detected capacity change from 0 to 1024 [ 63.450736][ T5184] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 63.461210][ T5184] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 63.473716][ T5184] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5183] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... sendfile resumed>) = 65536 [pid 5184] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 1 [pid 5184] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5184] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5184] <... futex resumed>) = 1 [pid 5183] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] ftruncate(4, 31) = 0 [pid 5184] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5184] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 0 [pid 5184] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5184] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5184] <... futex resumed>) = 1 [pid 5183] exit_group(0) = ? [pid 5184] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5185 ./strace-static-x86_64: Process 5185 attached [pid 5185] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5185] chdir("./57") = 0 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5185] setpgid(0, 0) = 0 [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5185] write(3, "1000", 4) = 4 [pid 5185] close(3) = 0 [pid 5185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5185] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5185] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5185] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5186 attached [pid 5186] set_robust_list(0x7fa3182639e0, 24 [pid 5185] <... clone resumed>, parent_tid=[5186], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5186 [pid 5186] <... set_robust_list resumed>) = 0 [pid 5185] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] memfd_create("syzkaller", 0 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5186] <... memfd_create resumed>) = 3 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5186] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5186] munmap(0x7fa30fe43000, 524288) = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5186] close(3) = 0 [pid 5186] mkdir("./file0", 0777) = 0 [pid 5186] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5186] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5186] chdir("./file0") = 0 [pid 5186] ioctl(4, LOOP_CLR_FD) = 0 [pid 5186] close(4) = 0 [pid 5186] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5185] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... open resumed>) = 4 [pid 5186] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5185] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] <... open resumed>) = 5 [pid 5185] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5185] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5186] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] sendfile(5, 6, NULL, 140737974943952 [pid 5185] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.634218][ T5186] loop0: detected capacity change from 0 to 1024 [ 63.644188][ T5186] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 63.654446][ T5186] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 63.666729][ T5186] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5185] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... sendfile resumed>) = 65536 [pid 5186] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... futex resumed>) = 1 [pid 5186] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5186] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5185] <... futex resumed>) = 0 [pid 5186] ftruncate(4, 31 [pid 5185] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... ftruncate resumed>) = 0 [pid 5186] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5185] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... open resumed>) = 7 [pid 5186] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5185] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... pwritev2 resumed>) = 20480 [pid 5186] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5185] exit_group(0) = ? [pid 5186] +++ exited with 0 +++ [pid 5185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5187 ./strace-static-x86_64: Process 5187 attached [pid 5187] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5187] chdir("./58") = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [pid 5187] close(3) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5187] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5187] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5187] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x7fa3182639e0, 24 [pid 5187] <... clone resumed>, parent_tid=[5188], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5188 [pid 5188] <... set_robust_list resumed>) = 0 [pid 5187] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] memfd_create("syzkaller", 0 [pid 5187] <... futex resumed>) = 0 [pid 5188] <... memfd_create resumed>) = 3 [pid 5187] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5188] munmap(0x7fa30fe43000, 524288) = 0 [pid 5188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5188] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5188] close(3) = 0 [pid 5188] mkdir("./file0", 0777) = 0 [pid 5188] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5188] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5188] chdir("./file0") = 0 [pid 5188] ioctl(4, LOOP_CLR_FD) = 0 [pid 5188] close(4) = 0 [pid 5188] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5188] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5187] <... futex resumed>) = 0 [pid 5188] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5187] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... open resumed>) = 4 [pid 5188] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5188] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5187] <... futex resumed>) = 0 [pid 5188] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5187] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... open resumed>) = 5 [pid 5188] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5188] openat(-1, "/proc/self/exe", O_RDONLY [pid 5187] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... openat resumed>) = 6 [pid 5188] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5188] sendfile(5, 6, NULL, 140737974943952 [pid 5187] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.814874][ T5188] loop0: detected capacity change from 0 to 1024 [ 63.824788][ T5188] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 63.834986][ T5188] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 63.846691][ T5188] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5187] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... sendfile resumed>) = 65536 [pid 5188] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5188] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5187] <... futex resumed>) = 0 [pid 5188] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5187] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5188] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5188] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5187] <... futex resumed>) = 0 [pid 5188] ftruncate(4, 31 [pid 5187] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... ftruncate resumed>) = 0 [pid 5188] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5188] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5187] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... open resumed>) = 7 [pid 5188] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5188] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5187] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... pwritev2 resumed>) = 20480 [pid 5188] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5188] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] exit_group(0) = ? [pid 5188] <... futex resumed>) = ? [pid 5188] +++ exited with 0 +++ [pid 5187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5189 ./strace-static-x86_64: Process 5189 attached [pid 5189] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5189] chdir("./59") = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5189] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5190 attached , parent_tid=[5190], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5190 [pid 5190] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5190] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5189] <... futex resumed>) = 1 [pid 5189] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5190] memfd_create("syzkaller", 0) = 3 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5190] munmap(0x7fa30fe43000, 524288) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5190] close(3) = 0 [pid 5190] mkdir("./file0", 0777) = 0 [pid 5190] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5190] chdir("./file0") = 0 [pid 5190] ioctl(4, LOOP_CLR_FD) = 0 [pid 5190] close(4) = 0 [pid 5190] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5190] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] <... futex resumed>) = 0 [pid 5190] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5189] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... open resumed>) = 4 [pid 5190] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5190] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5189] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... open resumed>) = 5 [pid 5189] <... futex resumed>) = 0 [pid 5190] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... futex resumed>) = 0 [pid 5190] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5189] <... futex resumed>) = 1 [pid 5190] openat(-1, "/proc/self/exe", O_RDONLY [pid 5189] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... openat resumed>) = 6 [pid 5190] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5190] sendfile(5, 6, NULL, 140737974943952 [pid 5189] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 64.009251][ T5190] loop0: detected capacity change from 0 to 1024 [ 64.018341][ T5190] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 64.028752][ T5190] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 64.040288][ T5190] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5189] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... sendfile resumed>) = 65536 [pid 5190] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5190] <... futex resumed>) = 1 [pid 5190] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5189] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5190] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5190] <... futex resumed>) = 1 [pid 5189] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] ftruncate(4, 31 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... ftruncate resumed>) = 0 [pid 5190] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... open resumed>) = 7 [pid 5190] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5190] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5189] exit_group(0) = ? [pid 5190] <... futex resumed>) = ? [pid 5190] +++ exited with 0 +++ [pid 5189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5191 ./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5191] chdir("./60") = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5191] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5192 attached , parent_tid=[5192], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5192 [pid 5192] set_robust_list(0x7fa3182639e0, 24 [pid 5191] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... set_robust_list resumed>) = 0 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5192] memfd_create("syzkaller", 0) = 3 [pid 5192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5192] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5192] munmap(0x7fa30fe43000, 524288) = 0 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5192] close(3) = 0 [pid 5192] mkdir("./file0", 0777) = 0 [pid 5192] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5192] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5192] chdir("./file0") = 0 [pid 5192] ioctl(4, LOOP_CLR_FD) = 0 [pid 5192] close(4) = 0 [pid 5192] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 1 [pid 5192] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5192] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 1 [pid 5192] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5192] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 1 [pid 5192] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5192] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 1 [ 64.197402][ T5192] loop0: detected capacity change from 0 to 1024 [ 64.207032][ T5192] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 64.217590][ T5192] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 64.229953][ T5192] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5192] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5192] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 1 [pid 5192] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5192] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5192] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5191] <... futex resumed>) = 0 [pid 5192] ftruncate(4, 31 [pid 5191] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... ftruncate resumed>) = 0 [pid 5192] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5192] <... futex resumed>) = 1 [pid 5191] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... open resumed>) = 7 [pid 5192] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5192] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5191] <... futex resumed>) = 0 [pid 5192] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5191] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... pwritev2 resumed>) = 20480 [pid 5192] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5192] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] exit_group(0 [pid 5192] <... futex resumed>) = ? [pid 5191] <... exit_group resumed>) = ? [pid 5192] +++ exited with 0 +++ [pid 5191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5193 ./strace-static-x86_64: Process 5193 attached [pid 5193] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5193] chdir("./61") = 0 [pid 5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5193] setpgid(0, 0) = 0 [pid 5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5193] write(3, "1000", 4) = 4 [pid 5193] close(3) = 0 [pid 5193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5193] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5193] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5193] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5194], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5194 [pid 5193] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5194 attached [pid 5194] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5194] memfd_create("syzkaller", 0) = 3 [pid 5194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5194] munmap(0x7fa30fe43000, 524288) = 0 [pid 5194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5194] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5194] close(3) = 0 [pid 5194] mkdir("./file0", 0777) = 0 [pid 5194] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5194] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5194] chdir("./file0") = 0 [pid 5194] ioctl(4, LOOP_CLR_FD) = 0 [pid 5194] close(4) = 0 [pid 5194] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5194] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5193] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... open resumed>) = 4 [pid 5194] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = 1 [pid 5193] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5193] <... futex resumed>) = 0 [pid 5193] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... open resumed>) = 5 [pid 5194] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5194] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5193] <... futex resumed>) = 0 [pid 5194] openat(-1, "/proc/self/exe", O_RDONLY [pid 5193] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... openat resumed>) = 6 [pid 5194] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5194] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 64.384180][ T5194] loop0: detected capacity change from 0 to 1024 [ 64.394010][ T5194] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 64.404380][ T5194] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 64.416372][ T5194] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5194] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5194] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5194] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5193] <... futex resumed>) = 0 [pid 5193] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5194] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5194] ftruncate(4, 31 [pid 5193] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... ftruncate resumed>) = 0 [pid 5194] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5194] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5193] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... open resumed>) = 7 [pid 5194] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5194] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5193] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... pwritev2 resumed>) = 20480 [pid 5194] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5194] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] exit_group(0 [pid 5194] <... futex resumed>) = ? [pid 5193] <... exit_group resumed>) = ? [pid 5194] +++ exited with 0 +++ [pid 5193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5193, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5195 ./strace-static-x86_64: Process 5195 attached [pid 5195] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5195] chdir("./62") = 0 [pid 5195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5195] setpgid(0, 0) = 0 [pid 5195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5195] write(3, "1000", 4) = 4 [pid 5195] close(3) = 0 [pid 5195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5195] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5195] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5195] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5196], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5196 [pid 5195] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5196 attached [pid 5196] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5196] memfd_create("syzkaller", 0) = 3 [pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5196] munmap(0x7fa30fe43000, 524288) = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5196] close(3) = 0 [pid 5196] mkdir("./file0", 0777) = 0 [pid 5196] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5196] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5196] chdir("./file0") = 0 [pid 5196] ioctl(4, LOOP_CLR_FD) = 0 [pid 5196] close(4) = 0 [pid 5196] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... futex resumed>) = 0 [pid 5196] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5196] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... futex resumed>) = 1 [pid 5196] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5196] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... futex resumed>) = 1 [pid 5196] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5196] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... futex resumed>) = 1 [ 64.585815][ T5196] loop0: detected capacity change from 0 to 1024 [ 64.595603][ T5196] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 64.605878][ T5196] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 64.618510][ T5196] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5196] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5196] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5196] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5195] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5196] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] ftruncate(4, 31 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... ftruncate resumed>) = 0 [pid 5196] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5196] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5195] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... open resumed>) = 7 [pid 5196] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... pwritev2 resumed>) = 20480 [pid 5196] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5196] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] exit_group(0 [pid 5196] <... futex resumed>) = ? [pid 5195] <... exit_group resumed>) = ? [pid 5196] +++ exited with 0 +++ [pid 5195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5195, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5197 ./strace-static-x86_64: Process 5197 attached [pid 5197] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5197] chdir("./63") = 0 [pid 5197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5197] setpgid(0, 0) = 0 [pid 5197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5197] write(3, "1000", 4) = 4 [pid 5197] close(3) = 0 [pid 5197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5197] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5197] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5197] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5198], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5198 [pid 5197] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5198 attached [pid 5197] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5198] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5198] memfd_create("syzkaller", 0) = 3 [pid 5198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5198] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5198] munmap(0x7fa30fe43000, 524288) = 0 [pid 5198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5198] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5198] close(3) = 0 [pid 5198] mkdir("./file0", 0777) = 0 [pid 5198] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5198] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5198] chdir("./file0") = 0 [pid 5198] ioctl(4, LOOP_CLR_FD) = 0 [pid 5198] close(4) = 0 [pid 5198] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... futex resumed>) = 1 [pid 5198] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5198] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5198] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5198] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... futex resumed>) = 1 [ 64.769852][ T5198] loop0: detected capacity change from 0 to 1024 [ 64.779317][ T5198] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 64.790101][ T5198] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 64.802538][ T5198] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5198] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5198] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5198] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] ftruncate(4, 31) = 0 [pid 5198] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5198] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5198] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5197] exit_group(0) = ? [pid 5198] +++ exited with 0 +++ [pid 5197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5197, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5199 attached , child_tidptr=0x55555702f5d0) = 5199 [pid 5199] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5199] chdir("./64") = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5199] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5199] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5200], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5200 [pid 5199] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5200] memfd_create("syzkaller", 0) = 3 [pid 5200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5200] munmap(0x7fa30fe43000, 524288) = 0 [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5200] close(3) = 0 [pid 5200] mkdir("./file0", 0777) = 0 [pid 5200] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5200] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5200] chdir("./file0") = 0 [pid 5200] ioctl(4, LOOP_CLR_FD) = 0 [pid 5200] close(4) = 0 [pid 5200] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... futex resumed>) = 1 [pid 5200] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5200] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... futex resumed>) = 1 [pid 5200] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5200] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... futex resumed>) = 1 [pid 5200] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5200] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... futex resumed>) = 1 [ 64.972643][ T5200] loop0: detected capacity change from 0 to 1024 [ 64.982083][ T5200] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 64.992618][ T5200] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 65.004562][ T5200] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5200] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5200] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 1 [pid 5200] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5199] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5200] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 1 [pid 5200] ftruncate(4, 31 [pid 5199] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] <... ftruncate resumed>) = 0 [pid 5200] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... futex resumed>) = 0 [pid 5199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5200] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5199] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... open resumed>) = 7 [pid 5200] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 1 [pid 5199] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... pwritev2 resumed>) = 20480 [pid 5200] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5199] exit_group(0) = ? [pid 5200] <... futex resumed>) = ? [pid 5200] +++ exited with 0 +++ [pid 5199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5201 ./strace-static-x86_64: Process 5201 attached [pid 5201] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5201] chdir("./65") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5201] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5202], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5202 [pid 5201] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5202 attached [pid 5202] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5202] memfd_create("syzkaller", 0) = 3 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5202] munmap(0x7fa30fe43000, 524288) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5202] close(3) = 0 [pid 5202] mkdir("./file0", 0777) = 0 [pid 5202] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5202] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5202] chdir("./file0") = 0 [pid 5202] ioctl(4, LOOP_CLR_FD) = 0 [pid 5202] close(4) = 0 [pid 5202] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5201] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... open resumed>) = 4 [pid 5202] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5201] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... open resumed>) = 5 [pid 5202] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5202] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5201] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] sendfile(5, 6, NULL, 140737974943952 [pid 5201] <... futex resumed>) = 0 [ 65.162088][ T5202] loop0: detected capacity change from 0 to 1024 [ 65.172011][ T5202] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 65.182475][ T5202] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 65.194149][ T5202] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5201] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... sendfile resumed>) = 65536 [pid 5202] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5202] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5202] ftruncate(4, 31 [pid 5201] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... ftruncate resumed>) = 0 [pid 5202] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 1 [pid 5202] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5201] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... open resumed>) = 7 [pid 5202] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5202] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5201] exit_group(0 [pid 5202] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... exit_group resumed>) = ? [pid 5202] <... futex resumed>) = ? [pid 5202] +++ exited with 0 +++ [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5203 ./strace-static-x86_64: Process 5203 attached [pid 5203] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5203] chdir("./66") = 0 [pid 5203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5203] setpgid(0, 0) = 0 [pid 5203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5203] write(3, "1000", 4) = 4 [pid 5203] close(3) = 0 [pid 5203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5203] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5203] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5203] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5204 attached [pid 5204] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5204] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] <... clone resumed>, parent_tid=[5204], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5204 [pid 5203] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5203] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5204] memfd_create("syzkaller", 0) = 3 [pid 5204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5204] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5204] munmap(0x7fa30fe43000, 524288) = 0 [pid 5204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5204] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5204] close(3) = 0 [pid 5204] mkdir("./file0", 0777) = 0 [pid 5204] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5204] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5204] chdir("./file0") = 0 [pid 5204] ioctl(4, LOOP_CLR_FD) = 0 [pid 5204] close(4) = 0 [pid 5204] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... futex resumed>) = 1 [pid 5204] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5204] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... futex resumed>) = 0 [pid 5204] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5204] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... futex resumed>) = 1 [pid 5204] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5204] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... futex resumed>) = 1 [ 65.356377][ T5204] loop0: detected capacity change from 0 to 1024 [ 65.365726][ T5204] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 65.376366][ T5204] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 65.387935][ T5204] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5204] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5204] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5204] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5204] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] ftruncate(4, 31) = 0 [pid 5204] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5204] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5204] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5203] exit_group(0) = ? [pid 5204] +++ exited with 0 +++ [pid 5203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5203, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5205 attached , child_tidptr=0x55555702f5d0) = 5205 [pid 5205] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5205] chdir("./67") = 0 [pid 5205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5205] setpgid(0, 0) = 0 [pid 5205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5205] write(3, "1000", 4) = 4 [pid 5205] close(3) = 0 [pid 5205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5205] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5205] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5205] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5206 attached , parent_tid=[5206], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5206 [pid 5205] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5206] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5206] memfd_create("syzkaller", 0) = 3 [pid 5206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5206] munmap(0x7fa30fe43000, 524288) = 0 [pid 5206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5206] close(3) = 0 [pid 5206] mkdir("./file0", 0777) = 0 [pid 5206] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5206] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5206] chdir("./file0") = 0 [pid 5206] ioctl(4, LOOP_CLR_FD) = 0 [pid 5206] close(4) = 0 [pid 5206] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... futex resumed>) = 0 [pid 5206] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5206] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5206] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5205] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... open resumed>) = 5 [pid 5206] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5206] openat(-1, "/proc/self/exe", O_RDONLY [pid 5205] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... openat resumed>) = 6 [pid 5206] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5206] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5205] <... futex resumed>) = 0 [pid 5206] sendfile(5, 6, NULL, 140737974943952 [ 65.536203][ T5206] loop0: detected capacity change from 0 to 1024 [ 65.545751][ T5206] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 65.556363][ T5206] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 65.568215][ T5206] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5205] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... sendfile resumed>) = 65536 [pid 5206] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5206] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5205] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5206] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... futex resumed>) = 1 [pid 5206] ftruncate(4, 31) = 0 [pid 5206] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5206] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5205] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... open resumed>) = 7 [pid 5206] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5206] <... futex resumed>) = 1 [pid 5205] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5206] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5206] <... futex resumed>) = 1 [pid 5206] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] exit_group(0 [pid 5206] <... futex resumed>) = ? [pid 5205] <... exit_group resumed>) = ? [pid 5206] +++ exited with 0 +++ [pid 5205] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5205, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5207 ./strace-static-x86_64: Process 5207 attached [pid 5207] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5207] chdir("./68") = 0 [pid 5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5207] setpgid(0, 0) = 0 [pid 5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5207] write(3, "1000", 4) = 4 [pid 5207] close(3) = 0 [pid 5207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5207] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5207] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5207] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5208 attached , parent_tid=[5208], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5208 [pid 5208] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5208] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5207] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5208] memfd_create("syzkaller", 0) = 3 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5208] munmap(0x7fa30fe43000, 524288) = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5208] close(3) = 0 [pid 5208] mkdir("./file0", 0777) = 0 [pid 5208] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5208] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5208] chdir("./file0") = 0 [pid 5208] ioctl(4, LOOP_CLR_FD) = 0 [pid 5208] close(4) = 0 [pid 5208] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... futex resumed>) = 1 [pid 5208] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5208] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... futex resumed>) = 1 [pid 5208] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5208] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] openat(-1, "/proc/self/exe", O_RDONLY [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... openat resumed>) = 6 [pid 5208] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] sendfile(5, 6, NULL, 140737974943952 [pid 5207] <... futex resumed>) = 0 [ 65.725733][ T5208] loop0: detected capacity change from 0 to 1024 [ 65.736188][ T5208] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 65.746453][ T5208] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 65.758229][ T5208] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5207] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... sendfile resumed>) = 65536 [pid 5208] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5208] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] ftruncate(4, 31) = 0 [pid 5208] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5208] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5207] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... open resumed>) = 7 [pid 5208] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... pwritev2 resumed>) = 20480 [pid 5208] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] exit_group(0) = ? [pid 5208] +++ exited with 0 +++ [pid 5207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5207, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5209 ./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5209] chdir("./69") = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5209] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5210 attached , parent_tid=[5210], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5210 [pid 5209] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] set_robust_list(0x7fa3182639e0, 24 [pid 5209] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5210] <... set_robust_list resumed>) = 0 [pid 5210] memfd_create("syzkaller", 0) = 3 [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5210] munmap(0x7fa30fe43000, 524288) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5210] close(3) = 0 [pid 5210] mkdir("./file0", 0777) = 0 [pid 5210] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5210] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5210] chdir("./file0") = 0 [pid 5210] ioctl(4, LOOP_CLR_FD) = 0 [pid 5210] close(4) = 0 [pid 5210] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5210] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5210] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5210] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5210] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5209] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... open resumed>) = 5 [pid 5210] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5210] openat(-1, "/proc/self/exe", O_RDONLY [pid 5209] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] <... openat resumed>) = 6 [pid 5209] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] sendfile(5, 6, NULL, 140737974943952 [pid 5209] <... futex resumed>) = 0 [ 65.917972][ T5210] loop0: detected capacity change from 0 to 1024 [ 65.928262][ T5210] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 65.938779][ T5210] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 65.950887][ T5210] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5209] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... sendfile resumed>) = 65536 [pid 5210] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5210] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] ftruncate(4, 31) = 0 [pid 5210] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5210] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5210] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] exit_group(0) = ? [pid 5210] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5211 ./strace-static-x86_64: Process 5211 attached [pid 5211] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5211] chdir("./70") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5211] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5212 attached , parent_tid=[5212], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5212 [pid 5212] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5212] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5212] memfd_create("syzkaller", 0 [pid 5211] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5212] <... memfd_create resumed>) = 3 [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5212] munmap(0x7fa30fe43000, 524288) = 0 [pid 5212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5212] close(3) = 0 [pid 5212] mkdir("./file0", 0777) = 0 [pid 5212] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5212] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5212] chdir("./file0") = 0 [pid 5212] ioctl(4, LOOP_CLR_FD) = 0 [pid 5212] close(4) = 0 [pid 5212] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = 0 [pid 5212] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5212] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = 1 [pid 5212] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5212] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = 1 [pid 5212] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5212] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = 1 [ 66.119706][ T5212] loop0: detected capacity change from 0 to 1024 [ 66.129517][ T5212] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 66.140309][ T5212] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 66.153087][ T5212] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5212] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5212] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] <... futex resumed>) = 0 [pid 5212] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5211] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5212] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] <... futex resumed>) = 0 [pid 5212] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5212] ftruncate(4, 31) = 0 [pid 5212] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] <... futex resumed>) = 0 [pid 5212] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5211] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... open resumed>) = 7 [pid 5211] <... futex resumed>) = 0 [pid 5212] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = 0 [pid 5211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5212] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5211] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... pwritev2 resumed>) = 20480 [pid 5212] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] exit_group(0) = ? [pid 5212] <... futex resumed>) = ? [pid 5212] +++ exited with 0 +++ [pid 5211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./70/binderfs") = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5213 attached , child_tidptr=0x55555702f5d0) = 5213 [pid 5213] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5213] chdir("./71") = 0 [pid 5213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5213] setpgid(0, 0) = 0 [pid 5213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5213] write(3, "1000", 4) = 4 [pid 5213] close(3) = 0 [pid 5213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5213] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5213] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5213] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5214], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5214 [pid 5213] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5214 attached [pid 5214] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5214] memfd_create("syzkaller", 0) = 3 [pid 5214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5214] munmap(0x7fa30fe43000, 524288) = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5214] close(3) = 0 [pid 5214] mkdir("./file0", 0777) = 0 [pid 5214] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5214] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5214] chdir("./file0") = 0 [pid 5214] ioctl(4, LOOP_CLR_FD) = 0 [pid 5214] close(4) = 0 [pid 5214] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 1 [pid 5214] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5214] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 1 [pid 5214] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5214] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 1 [pid 5214] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5214] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 1 [ 66.314641][ T5214] loop0: detected capacity change from 0 to 1024 [ 66.324713][ T5214] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 66.334934][ T5214] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 66.346585][ T5214] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5214] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5214] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 1 [pid 5214] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5214] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 1 [pid 5214] ftruncate(4, 31) = 0 [pid 5214] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 1 [pid 5214] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5214] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 1 [pid 5214] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5214] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5213] exit_group(0) = ? [pid 5214] +++ exited with 0 +++ [pid 5213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5213, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./71/binderfs") = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5215 ./strace-static-x86_64: Process 5215 attached [pid 5215] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5215] chdir("./72") = 0 [pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5215] setpgid(0, 0) = 0 [pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5215] write(3, "1000", 4) = 4 [pid 5215] close(3) = 0 [pid 5215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5215] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5215] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5215] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5216], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5216 [pid 5215] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5216 attached [pid 5216] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5216] memfd_create("syzkaller", 0) = 3 [pid 5216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5216] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5216] munmap(0x7fa30fe43000, 524288) = 0 [pid 5216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5216] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5216] close(3) = 0 [pid 5216] mkdir("./file0", 0777) = 0 [pid 5216] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5216] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5216] chdir("./file0") = 0 [pid 5216] ioctl(4, LOOP_CLR_FD) = 0 [pid 5216] close(4) = 0 [pid 5216] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... futex resumed>) = 0 [pid 5216] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5216] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... futex resumed>) = 1 [pid 5216] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5216] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... futex resumed>) = 0 [pid 5216] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5216] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... futex resumed>) = 1 [ 66.475970][ T5216] loop0: detected capacity change from 0 to 1024 [ 66.485400][ T5216] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 66.495986][ T5216] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 66.507808][ T5216] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5216] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5216] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5216] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5215] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5216] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5216] ftruncate(4, 31 [pid 5215] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... ftruncate resumed>) = 0 [pid 5216] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5215] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5215] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5216] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5215] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... pwritev2 resumed>) = 20480 [pid 5216] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5215] exit_group(0) = ? [pid 5216] +++ exited with 0 +++ [pid 5215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./72/binderfs") = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5217 ./strace-static-x86_64: Process 5217 attached [pid 5217] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5217] chdir("./73") = 0 [pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5217] setpgid(0, 0) = 0 [pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5217] write(3, "1000", 4) = 4 [pid 5217] close(3) = 0 [pid 5217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5217] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5217] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5218 attached , parent_tid=[5218], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5218 [pid 5217] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5218] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5218] memfd_create("syzkaller", 0) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5218] munmap(0x7fa30fe43000, 524288) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5218] close(3) = 0 [pid 5218] mkdir("./file0", 0777) = 0 [pid 5218] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5218] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5218] chdir("./file0") = 0 [pid 5218] ioctl(4, LOOP_CLR_FD) = 0 [pid 5218] close(4) = 0 [pid 5218] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... futex resumed>) = 1 [pid 5218] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5218] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... futex resumed>) = 1 [pid 5218] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5218] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... futex resumed>) = 1 [pid 5218] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5218] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... futex resumed>) = 1 [ 66.654870][ T5218] loop0: detected capacity change from 0 to 1024 [ 66.666286][ T5218] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 66.676889][ T5218] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 66.689250][ T5218] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5218] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5218] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5218] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5217] <... futex resumed>) = 0 [pid 5218] ftruncate(4, 31 [pid 5217] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... ftruncate resumed>) = 0 [pid 5218] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5217] <... futex resumed>) = 0 [pid 5218] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5217] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... open resumed>) = 7 [pid 5218] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5217] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... pwritev2 resumed>) = 20480 [pid 5218] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5218] <... futex resumed>) = 1 [pid 5217] exit_group(0) = ? [pid 5218] +++ exited with 0 +++ [pid 5217] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5217, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./73/binderfs") = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5219 attached , child_tidptr=0x55555702f5d0) = 5219 [pid 5219] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5219] chdir("./74") = 0 [pid 5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5219] setpgid(0, 0) = 0 [pid 5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5219] write(3, "1000", 4) = 4 [pid 5219] close(3) = 0 [pid 5219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5219] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5219] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5219] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5220 attached , parent_tid=[5220], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5220 [pid 5220] set_robust_list(0x7fa3182639e0, 24 [pid 5219] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... set_robust_list resumed>) = 0 [pid 5220] memfd_create("syzkaller", 0 [pid 5219] <... futex resumed>) = 0 [pid 5220] <... memfd_create resumed>) = 3 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5219] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5220] <... mmap resumed>) = 0x7fa30fe43000 [pid 5220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5220] munmap(0x7fa30fe43000, 524288) = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5220] close(3) = 0 [pid 5220] mkdir("./file0", 0777) = 0 [pid 5220] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5220] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5220] chdir("./file0") = 0 [pid 5220] ioctl(4, LOOP_CLR_FD) = 0 [pid 5220] close(4) = 0 [pid 5220] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... futex resumed>) = 0 [pid 5220] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5220] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... futex resumed>) = 1 [pid 5220] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5220] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... futex resumed>) = 1 [pid 5220] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5220] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] sendfile(5, 6, NULL, 140737974943952 [pid 5219] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.851082][ T5220] loop0: detected capacity change from 0 to 1024 [ 66.860407][ T5220] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 66.870662][ T5220] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 66.882194][ T5220] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5219] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... sendfile resumed>) = 65536 [pid 5220] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5219] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5220] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] ftruncate(4, 31 [pid 5219] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] <... ftruncate resumed>) = 0 [pid 5219] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5219] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... open resumed>) = 7 [pid 5220] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... pwritev2 resumed>) = 20480 [pid 5220] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] exit_group(0 [pid 5220] <... futex resumed>) = ? [pid 5219] <... exit_group resumed>) = ? [pid 5220] +++ exited with 0 +++ [pid 5219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5219, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./74/binderfs") = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5221 ./strace-static-x86_64: Process 5221 attached [pid 5221] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5221] chdir("./75") = 0 [pid 5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5221] setpgid(0, 0) = 0 [pid 5221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5221] write(3, "1000", 4) = 4 [pid 5221] close(3) = 0 [pid 5221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5221] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5221] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5221] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5222], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5222 [pid 5221] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5222 attached [pid 5222] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5222] memfd_create("syzkaller", 0) = 3 [pid 5222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5222] munmap(0x7fa30fe43000, 524288) = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5222] close(3) = 0 [pid 5222] mkdir("./file0", 0777) = 0 [pid 5222] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5222] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5222] chdir("./file0") = 0 [pid 5222] ioctl(4, LOOP_CLR_FD) = 0 [pid 5222] close(4) = 0 [pid 5222] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5222] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5221] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... open resumed>) = 4 [pid 5222] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5222] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5221] <... futex resumed>) = 0 [pid 5222] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5221] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... open resumed>) = 5 [pid 5222] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5222] openat(-1, "/proc/self/exe", O_RDONLY [pid 5221] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... openat resumed>) = 6 [pid 5222] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5222] sendfile(5, 6, NULL, 140737974943952 [pid 5221] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 67.029663][ T5222] loop0: detected capacity change from 0 to 1024 [ 67.039660][ T5222] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 67.050690][ T5222] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 67.063343][ T5222] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5221] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... sendfile resumed>) = 65536 [pid 5222] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5222] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5221] <... futex resumed>) = 0 [pid 5222] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5221] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5222] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... futex resumed>) = 1 [pid 5222] ftruncate(4, 31) = 0 [pid 5222] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5222] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5221] <... futex resumed>) = 0 [pid 5222] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5221] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... open resumed>) = 7 [pid 5222] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5222] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5221] <... futex resumed>) = 0 [pid 5222] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5221] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... pwritev2 resumed>) = 20480 [pid 5222] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5222] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] exit_group(0 [pid 5222] <... futex resumed>) = ? [pid 5221] <... exit_group resumed>) = ? [pid 5222] +++ exited with 0 +++ [pid 5221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5221, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./75/binderfs") = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5223 ./strace-static-x86_64: Process 5223 attached [pid 5223] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5223] chdir("./76") = 0 [pid 5223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5223] setpgid(0, 0) = 0 [pid 5223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5223] write(3, "1000", 4) = 4 [pid 5223] close(3) = 0 [pid 5223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5223] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5223] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5224], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5224 ./strace-static-x86_64: Process 5224 attached [pid 5224] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5224] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5223] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5224] munmap(0x7fa30fe43000, 524288) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] mkdir("./file0", 0777) = 0 [pid 5224] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5224] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] chdir("./file0") = 0 [pid 5224] ioctl(4, LOOP_CLR_FD) = 0 [pid 5224] close(4) = 0 [pid 5224] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... futex resumed>) = 0 [pid 5224] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5224] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5224] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... futex resumed>) = 1 [pid 5224] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5224] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 67.228103][ T5224] loop0: detected capacity change from 0 to 1024 [ 67.237666][ T5224] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 67.248739][ T5224] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 67.261478][ T5224] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5224] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5224] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5224] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] ftruncate(4, 31 [pid 5223] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... ftruncate resumed>) = 0 [pid 5224] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5224] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5223] <... futex resumed>) = 0 [pid 5224] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = 1 [pid 5224] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5223] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... pwritev2 resumed>) = 20480 [pid 5224] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] exit_group(0) = ? [pid 5224] <... futex resumed>) = ? [pid 5224] +++ exited with 0 +++ [pid 5223] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5223, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./76/binderfs") = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5225 ./strace-static-x86_64: Process 5225 attached [pid 5225] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5225] chdir("./77") = 0 [pid 5225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5225] setpgid(0, 0) = 0 [pid 5225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5225] write(3, "1000", 4) = 4 [pid 5225] close(3) = 0 [pid 5225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5225] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5225] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5225] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5226], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5226 [pid 5225] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5226 attached [pid 5226] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5226] memfd_create("syzkaller", 0) = 3 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5226] munmap(0x7fa30fe43000, 524288) = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5226] close(3) = 0 [pid 5226] mkdir("./file0", 0777) = 0 [pid 5226] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5226] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5226] chdir("./file0") = 0 [pid 5226] ioctl(4, LOOP_CLR_FD) = 0 [pid 5226] close(4) = 0 [pid 5226] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5226] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5225] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 67.425792][ T5226] loop0: detected capacity change from 0 to 1024 [ 67.436226][ T5226] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 67.446490][ T5226] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 67.458344][ T5226] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5225] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... open resumed>) = 4 [pid 5226] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = 0 [pid 5225] <... futex resumed>) = 1 [pid 5226] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5225] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... open resumed>) = 5 [pid 5226] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5226] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] <... futex resumed>) = 0 [pid 5226] openat(-1, "/proc/self/exe", O_RDONLY [pid 5225] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... openat resumed>) = 6 [pid 5226] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5226] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] <... futex resumed>) = 0 [pid 5226] sendfile(5, 6, NULL, 140737974943952 [ 67.471620][ T27] kauditd_printk_skb: 68 callbacks suppressed [ 67.471632][ T27] audit: type=1800 audit(1672320167.245:233): pid=5226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5225] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... sendfile resumed>) = 65536 [pid 5226] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5226] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5225] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5226] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 0 [pid 5226] <... futex resumed>) = 1 [pid 5225] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] ftruncate(4, 31 [pid 5225] <... futex resumed>) = 0 [pid 5226] <... ftruncate resumed>) = 0 [pid 5225] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5226] <... futex resumed>) = 0 [pid 5226] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5225] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... open resumed>) = 7 [pid 5226] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = 0 [pid 5225] <... futex resumed>) = 1 [pid 5226] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [ 67.511209][ T27] audit: type=1800 audit(1672320167.285:234): pid=5226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5225] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... pwritev2 resumed>) = 20480 [pid 5226] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 0 [pid 5225] exit_group(0) = ? [pid 5226] <... futex resumed>) = ? [pid 5226] +++ exited with 0 +++ [pid 5225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5225, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./77/binderfs") = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5227 ./strace-static-x86_64: Process 5227 attached [pid 5227] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5227] chdir("./78") = 0 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5227] setpgid(0, 0) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5227] write(3, "1000", 4) = 4 [pid 5227] close(3) = 0 [pid 5227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5227] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5227] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5227] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5228 attached [pid 5228] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5228] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] <... clone resumed>, parent_tid=[5228], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5228 [pid 5227] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5227] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5228] memfd_create("syzkaller", 0) = 3 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [ 67.561069][ T27] audit: type=1800 audit(1672320167.335:235): pid=5226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5228] munmap(0x7fa30fe43000, 524288) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5228] close(3) = 0 [pid 5228] mkdir("./file0", 0777) = 0 [pid 5228] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5228] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5228] chdir("./file0") = 0 [pid 5228] ioctl(4, LOOP_CLR_FD) = 0 [pid 5228] close(4) = 0 [pid 5228] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... futex resumed>) = 0 [ 67.639601][ T5228] loop0: detected capacity change from 0 to 1024 [ 67.649339][ T5228] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 67.659694][ T5228] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 67.672038][ T5228] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5228] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5228] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... futex resumed>) = 1 [pid 5228] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5228] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... futex resumed>) = 1 [pid 5228] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5228] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... futex resumed>) = 1 [pid 5228] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5228] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... futex resumed>) = 1 [ 67.696004][ T27] audit: type=1800 audit(1672320167.475:236): pid=5228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 67.717757][ T27] audit: type=1800 audit(1672320167.485:237): pid=5228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5228] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5228] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... futex resumed>) = 1 [pid 5228] ftruncate(4, 31) = 0 [pid 5228] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... futex resumed>) = 1 [pid 5228] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5228] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... futex resumed>) = 0 [pid 5228] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5228] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5228] <... futex resumed>) = 1 [pid 5228] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] exit_group(0 [pid 5228] <... futex resumed>) = ? [pid 5227] <... exit_group resumed>) = ? [pid 5228] +++ exited with 0 +++ [pid 5227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5227, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./78/binderfs") = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5229 ./strace-static-x86_64: Process 5229 attached [pid 5229] set_robust_list(0x55555702f5e0, 24) = 0 [ 67.762112][ T27] audit: type=1800 audit(1672320167.535:238): pid=5228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5229] chdir("./79") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5229] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5230 attached , parent_tid=[5230], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5230 [pid 5230] set_robust_list(0x7fa3182639e0, 24 [pid 5229] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5230] <... set_robust_list resumed>) = 0 [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5230] munmap(0x7fa30fe43000, 524288) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] mkdir("./file0", 0777) = 0 [pid 5230] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5230] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./file0") = 0 [pid 5230] ioctl(4, LOOP_CLR_FD) = 0 [pid 5230] close(4) = 0 [pid 5230] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5230] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [ 67.847395][ T5230] loop0: detected capacity change from 0 to 1024 [ 67.856410][ T5230] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 67.866637][ T5230] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 67.878268][ T5230] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5229] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] <... open resumed>) = 4 [pid 5230] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = 1 [pid 5230] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5229] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... open resumed>) = 5 [pid 5230] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... futex resumed>) = 0 [pid 5230] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5230] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... futex resumed>) = 1 [pid 5230] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5230] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... futex resumed>) = 1 [pid 5230] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5230] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] ftruncate(4, 31) = 0 [pid 5230] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 67.890865][ T27] audit: type=1800 audit(1672320167.665:239): pid=5230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 67.913632][ T27] audit: type=1800 audit(1672320167.695:240): pid=5230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5229] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5230] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... futex resumed>) = 0 [pid 5230] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5230] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5230] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] exit_group(0 [pid 5230] <... futex resumed>) = ? [pid 5229] <... exit_group resumed>) = ? [pid 5230] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./79/binderfs") = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5231 ./strace-static-x86_64: Process 5231 attached [pid 5231] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5231] chdir("./80") = 0 [pid 5231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5231] setpgid(0, 0) = 0 [pid 5231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5231] write(3, "1000", 4) = 4 [pid 5231] close(3) = 0 [ 67.979296][ T27] audit: type=1800 audit(1672320167.755:241): pid=5230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5231] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5231] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5231] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5232 attached , parent_tid=[5232], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5232 [pid 5231] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5232] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5232] memfd_create("syzkaller", 0) = 3 [pid 5232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5232] munmap(0x7fa30fe43000, 524288) = 0 [pid 5232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5232] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5232] close(3) = 0 [pid 5232] mkdir("./file0", 0777) = 0 [pid 5232] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5232] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5232] chdir("./file0") = 0 [pid 5232] ioctl(4, LOOP_CLR_FD) = 0 [pid 5232] close(4) = 0 [pid 5232] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... futex resumed>) = 0 [ 68.059991][ T5232] loop0: detected capacity change from 0 to 1024 [ 68.069616][ T5232] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 68.079882][ T5232] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 68.091400][ T5232] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5232] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5232] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... futex resumed>) = 0 [pid 5232] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5232] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... futex resumed>) = 1 [pid 5232] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5232] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... futex resumed>) = 1 [pid 5232] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5232] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... futex resumed>) = 1 [ 68.107500][ T27] audit: type=1800 audit(1672320167.885:242): pid=5232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5232] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5232] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... futex resumed>) = 1 [pid 5232] ftruncate(4, 31) = 0 [pid 5232] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5232] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5231] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... open resumed>) = 7 [pid 5232] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... pwritev2 resumed>) = 20480 [pid 5232] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5232] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] exit_group(0) = ? [pid 5232] <... futex resumed>) = ? [pid 5232] +++ exited with 0 +++ [pid 5231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5231, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./80/binderfs") = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5233 ./strace-static-x86_64: Process 5233 attached [pid 5233] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5233] chdir("./81") = 0 [pid 5233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5233] setpgid(0, 0) = 0 [pid 5233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5233] write(3, "1000", 4) = 4 [pid 5233] close(3) = 0 [pid 5233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5233] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5233] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5234 attached , parent_tid=[5234], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5234 [pid 5234] set_robust_list(0x7fa3182639e0, 24 [pid 5233] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... set_robust_list resumed>) = 0 [pid 5233] <... futex resumed>) = 0 [pid 5234] memfd_create("syzkaller", 0 [pid 5233] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5234] <... memfd_create resumed>) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5234] munmap(0x7fa30fe43000, 524288) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [pid 5234] mkdir("./file0", 0777) = 0 [pid 5234] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5234] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5234] chdir("./file0") = 0 [pid 5234] ioctl(4, LOOP_CLR_FD) = 0 [pid 5234] close(4) = 0 [pid 5234] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 0 [pid 5233] <... futex resumed>) = 1 [pid 5234] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5233] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... open resumed>) = 4 [pid 5234] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5233] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... open resumed>) = 5 [pid 5234] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5234] openat(-1, "/proc/self/exe", O_RDONLY [pid 5233] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... openat resumed>) = 6 [pid 5233] <... futex resumed>) = 0 [pid 5234] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5233] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... futex resumed>) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5234] sendfile(5, 6, NULL, 140737974943952 [pid 5233] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... sendfile resumed>) = 65536 [pid 5234] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... futex resumed>) = 1 [ 68.265840][ T5234] loop0: detected capacity change from 0 to 1024 [ 68.276339][ T5234] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 68.286761][ T5234] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 68.298444][ T5234] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5234] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5234] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] ftruncate(4, 31) = 0 [pid 5234] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5234] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5234] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5233] exit_group(0) = ? [pid 5234] +++ exited with 0 +++ [pid 5233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5233, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./81/binderfs") = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5235 ./strace-static-x86_64: Process 5235 attached [pid 5235] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5235] chdir("./82") = 0 [pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5235] setpgid(0, 0) = 0 [pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5235] write(3, "1000", 4) = 4 [pid 5235] close(3) = 0 [pid 5235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5235] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5235] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5236 attached [pid 5236] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5236] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] <... clone resumed>, parent_tid=[5236], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5236 [pid 5235] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5236] memfd_create("syzkaller", 0 [pid 5235] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5236] <... memfd_create resumed>) = 3 [pid 5236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5236] munmap(0x7fa30fe43000, 524288) = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5236] close(3) = 0 [pid 5236] mkdir("./file0", 0777) = 0 [pid 5236] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5236] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5236] chdir("./file0") = 0 [pid 5236] ioctl(4, LOOP_CLR_FD) = 0 [pid 5236] close(4) = 0 [pid 5236] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5236] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5236] <... futex resumed>) = 1 [pid 5235] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5235] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... open resumed>) = 5 [pid 5236] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] openat(-1, "/proc/self/exe", O_RDONLY [pid 5235] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... openat resumed>) = 6 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... futex resumed>) = 0 [pid 5235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] sendfile(5, 6, NULL, 140737974943952 [pid 5235] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.444719][ T5236] loop0: detected capacity change from 0 to 1024 [ 68.457080][ T5236] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 68.467623][ T5236] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 68.479906][ T5236] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5235] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... sendfile resumed>) = 65536 [pid 5236] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... futex resumed>) = 0 [pid 5236] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5236] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5236] <... futex resumed>) = 1 [pid 5236] ftruncate(4, 31 [pid 5235] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... ftruncate resumed>) = 0 [pid 5236] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5235] <... futex resumed>) = 1 [pid 5236] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5235] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... open resumed>) = 7 [pid 5236] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5235] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... pwritev2 resumed>) = 20480 [pid 5236] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] exit_group(0) = ? [pid 5236] <... futex resumed>) = ? [pid 5236] +++ exited with 0 +++ [pid 5235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./82/binderfs") = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5237 ./strace-static-x86_64: Process 5237 attached [pid 5237] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5237] chdir("./83") = 0 [pid 5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] setpgid(0, 0) = 0 [pid 5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5237] write(3, "1000", 4) = 4 [pid 5237] close(3) = 0 [pid 5237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5237] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5237] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5237] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5238 attached , parent_tid=[5238], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5238 [pid 5238] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5238] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5237] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5238] memfd_create("syzkaller", 0) = 3 [pid 5238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5238] munmap(0x7fa30fe43000, 524288) = 0 [pid 5238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5238] close(3) = 0 [pid 5238] mkdir("./file0", 0777) = 0 [pid 5238] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5238] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5238] chdir("./file0") = 0 [pid 5238] ioctl(4, LOOP_CLR_FD) = 0 [pid 5238] close(4) = 0 [pid 5238] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 1 [pid 5238] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5238] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5238] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5237] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] <... open resumed>) = 5 [pid 5237] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5238] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5237] <... futex resumed>) = 0 [pid 5238] openat(-1, "/proc/self/exe", O_RDONLY [pid 5237] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... openat resumed>) = 6 [pid 5238] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] sendfile(5, 6, NULL, 140737974943952 [pid 5237] <... futex resumed>) = 0 [ 68.630560][ T5238] loop0: detected capacity change from 0 to 1024 [ 68.640986][ T5238] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 68.651229][ T5238] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 68.664318][ T5238] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5237] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... sendfile resumed>) = 65536 [pid 5238] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5238] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5237] <... futex resumed>) = 0 [pid 5238] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5237] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5238] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5238] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5237] <... futex resumed>) = 0 [pid 5238] ftruncate(4, 31 [pid 5237] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... ftruncate resumed>) = 0 [pid 5238] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5238] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5237] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... open resumed>) = 7 [pid 5237] <... futex resumed>) = 0 [pid 5238] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 0 [pid 5237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 0 [pid 5238] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5238] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] <... futex resumed>) = 0 [pid 5237] exit_group(0) = ? [pid 5238] <... futex resumed>) = ? [pid 5238] +++ exited with 0 +++ [pid 5237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5237, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./83/binderfs") = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5239 ./strace-static-x86_64: Process 5239 attached [pid 5239] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5239] chdir("./84") = 0 [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5239] setpgid(0, 0) = 0 [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5239] write(3, "1000", 4) = 4 [pid 5239] close(3) = 0 [pid 5239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5239] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5239] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5239] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5240], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5240 [pid 5239] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5240 attached [pid 5240] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5240] memfd_create("syzkaller", 0) = 3 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5240] munmap(0x7fa30fe43000, 524288) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5240] close(3) = 0 [pid 5240] mkdir("./file0", 0777) = 0 [pid 5240] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5240] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5240] chdir("./file0") = 0 [pid 5240] ioctl(4, LOOP_CLR_FD) = 0 [pid 5240] close(4) = 0 [pid 5240] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 1 [pid 5240] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5240] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 1 [pid 5240] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5240] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 1 [pid 5240] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5240] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 1 [ 68.802288][ T5240] loop0: detected capacity change from 0 to 1024 [ 68.811753][ T5240] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 68.823152][ T5240] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 68.834999][ T5240] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5240] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5240] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5240] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5239] <... futex resumed>) = 0 [pid 5240] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5239] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5240] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] ftruncate(4, 31) = 0 [pid 5240] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... open resumed>) = 7 [pid 5240] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5240] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] <... futex resumed>) = 0 [pid 5239] exit_group(0 [pid 5240] <... futex resumed>) = ? [pid 5239] <... exit_group resumed>) = ? [pid 5240] +++ exited with 0 +++ [pid 5239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5239, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./84/binderfs") = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5241 ./strace-static-x86_64: Process 5241 attached [pid 5241] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5241] chdir("./85") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5241] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5241] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5242 attached , parent_tid=[5242], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5242 [pid 5241] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5242] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5242] memfd_create("syzkaller", 0) = 3 [pid 5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5242] munmap(0x7fa30fe43000, 524288) = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5242] close(3) = 0 [pid 5242] mkdir("./file0", 0777) = 0 [pid 5242] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5242] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5242] chdir("./file0") = 0 [pid 5242] ioctl(4, LOOP_CLR_FD) = 0 [pid 5242] close(4) = 0 [pid 5242] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... futex resumed>) = 0 [pid 5242] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5242] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... futex resumed>) = 1 [pid 5242] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5242] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5242] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 69.008376][ T5242] loop0: detected capacity change from 0 to 1024 [ 69.018468][ T5242] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 69.028988][ T5242] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 69.041328][ T5242] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5242] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5242] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5241] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5241] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5242] <... futex resumed>) = 1 [pid 5242] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5242] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5242] ftruncate(4, 31 [pid 5241] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] <... ftruncate resumed>) = 0 [pid 5241] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5242] <... futex resumed>) = 1 [pid 5242] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5241] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... open resumed>) = 7 [pid 5242] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... pwritev2 resumed>) = 20480 [pid 5242] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5242] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] exit_group(0) = ? [pid 5242] <... futex resumed>) = ? [pid 5242] +++ exited with 0 +++ [pid 5241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5241, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./85/binderfs") = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5243 attached [pid 5243] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5243] chdir("./86") = 0 [pid 5243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5243] setpgid(0, 0) = 0 [pid 5243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5243] write(3, "1000", 4) = 4 [pid 5068] <... clone resumed>, child_tidptr=0x55555702f5d0) = 5243 [pid 5243] close(3) = 0 [pid 5243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5243] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5243] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5243] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5244 attached , parent_tid=[5244], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5244 [pid 5244] set_robust_list(0x7fa3182639e0, 24 [pid 5243] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... set_robust_list resumed>) = 0 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5244] memfd_create("syzkaller", 0) = 3 [pid 5244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5244] munmap(0x7fa30fe43000, 524288) = 0 [pid 5244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5244] close(3) = 0 [pid 5244] mkdir("./file0", 0777) = 0 [pid 5244] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5244] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5244] chdir("./file0") = 0 [pid 5244] ioctl(4, LOOP_CLR_FD) = 0 [pid 5244] close(4) = 0 [pid 5244] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5244] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5243] <... futex resumed>) = 0 [pid 5244] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5243] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... open resumed>) = 4 [pid 5244] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5244] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5244] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5244] openat(-1, "/proc/self/exe", O_RDONLY [pid 5243] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] <... openat resumed>) = 6 [pid 5243] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5244] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5243] <... futex resumed>) = 0 [pid 5244] sendfile(5, 6, NULL, 140737974943952 [ 69.219567][ T5244] loop0: detected capacity change from 0 to 1024 [ 69.229914][ T5244] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 69.240359][ T5244] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 69.253247][ T5244] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5243] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... sendfile resumed>) = 65536 [pid 5244] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... futex resumed>) = 1 [pid 5244] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5244] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... futex resumed>) = 1 [pid 5244] ftruncate(4, 31) = 0 [pid 5244] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... futex resumed>) = 1 [pid 5244] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5244] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... futex resumed>) = 1 [pid 5244] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5244] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5243] exit_group(0) = ? [pid 5244] <... futex resumed>) = ? [pid 5244] +++ exited with 0 +++ [pid 5243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5243, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./86/binderfs") = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5245 ./strace-static-x86_64: Process 5245 attached [pid 5245] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5245] chdir("./87") = 0 [pid 5245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5245] setpgid(0, 0) = 0 [pid 5245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5245] write(3, "1000", 4) = 4 [pid 5245] close(3) = 0 [pid 5245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5245] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5245] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5245] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5246 attached , parent_tid=[5246], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5246 [pid 5246] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5245] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5246] memfd_create("syzkaller", 0) = 3 [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5246] munmap(0x7fa30fe43000, 524288) = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5246] close(3) = 0 [pid 5246] mkdir("./file0", 0777) = 0 [pid 5246] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5246] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5246] chdir("./file0") = 0 [pid 5246] ioctl(4, LOOP_CLR_FD) = 0 [pid 5246] close(4) = 0 [pid 5246] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... futex resumed>) = 1 [pid 5246] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5246] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [pid 5245] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5246] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... futex resumed>) = 1 [pid 5246] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5246] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... futex resumed>) = 1 [ 69.410840][ T5246] loop0: detected capacity change from 0 to 1024 [ 69.420986][ T5246] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 69.431677][ T5246] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 69.444722][ T5246] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5246] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5246] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5246] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5245] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5246] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... futex resumed>) = 1 [pid 5246] ftruncate(4, 31) = 0 [pid 5246] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] <... futex resumed>) = 0 [pid 5246] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5245] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... open resumed>) = 7 [pid 5246] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5245] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... pwritev2 resumed>) = 20480 [pid 5246] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [pid 5246] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] exit_group(0 [pid 5246] <... futex resumed>) = ? [pid 5245] <... exit_group resumed>) = ? [pid 5246] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5245, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./87/binderfs") = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5247 ./strace-static-x86_64: Process 5247 attached [pid 5247] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5247] chdir("./88") = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5247] close(3) = 0 [pid 5247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5247] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5247] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5247] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5248 attached , parent_tid=[5248], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5248 [pid 5247] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5248] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5248] memfd_create("syzkaller", 0) = 3 [pid 5248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5248] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5248] munmap(0x7fa30fe43000, 524288) = 0 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5248] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5248] close(3) = 0 [pid 5248] mkdir("./file0", 0777) = 0 [pid 5248] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5248] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5248] chdir("./file0") = 0 [pid 5248] ioctl(4, LOOP_CLR_FD) = 0 [pid 5248] close(4) = 0 [pid 5248] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... futex resumed>) = 1 [pid 5248] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5248] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... futex resumed>) = 1 [pid 5248] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5248] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... futex resumed>) = 1 [pid 5248] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5248] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... futex resumed>) = 1 [ 69.598000][ T5248] loop0: detected capacity change from 0 to 1024 [ 69.608346][ T5248] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 69.618714][ T5248] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 69.631913][ T5248] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5248] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5248] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] <... futex resumed>) = 0 [pid 5248] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5247] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5248] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] <... futex resumed>) = 0 [pid 5248] ftruncate(4, 31 [pid 5247] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... ftruncate resumed>) = 0 [pid 5248] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... futex resumed>) = 1 [pid 5248] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5248] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... futex resumed>) = 1 [pid 5248] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5248] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5248] <... futex resumed>) = 1 [pid 5247] exit_group(0 [pid 5248] ???( [pid 5247] <... exit_group resumed>) = ? [pid 5248] <... ??? resumed>) = ? [pid 5248] +++ exited with 0 +++ [pid 5247] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5247, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./88/binderfs") = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5249 attached , child_tidptr=0x55555702f5d0) = 5249 [pid 5249] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5249] chdir("./89") = 0 [pid 5249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5249] setpgid(0, 0) = 0 [pid 5249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5249] write(3, "1000", 4) = 4 [pid 5249] close(3) = 0 [pid 5249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5249] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5249] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5249] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5250], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5250 [pid 5249] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5250 attached [pid 5250] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5250] memfd_create("syzkaller", 0) = 3 [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5250] munmap(0x7fa30fe43000, 524288) = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5250] close(3) = 0 [pid 5250] mkdir("./file0", 0777) = 0 [pid 5250] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5250] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5250] chdir("./file0") = 0 [pid 5250] ioctl(4, LOOP_CLR_FD) = 0 [pid 5250] close(4) = 0 [pid 5250] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 0 [pid 5250] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5250] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 1 [pid 5250] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5250] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 0 [pid 5250] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5250] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5250] sendfile(5, 6, NULL, 140737974943952 [pid 5249] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 69.773449][ T5250] loop0: detected capacity change from 0 to 1024 [ 69.783432][ T5250] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 69.793906][ T5250] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 69.806296][ T5250] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5249] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... sendfile resumed>) = 65536 [pid 5250] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 0 [pid 5250] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5250] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5250] ftruncate(4, 31 [pid 5249] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... ftruncate resumed>) = 0 [pid 5250] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5250] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5249] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... open resumed>) = 7 [pid 5250] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5250] <... futex resumed>) = 1 [pid 5250] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5249] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... pwritev2 resumed>) = 20480 [pid 5250] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5250] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] exit_group(0) = ? [pid 5250] <... futex resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5249, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./89/binderfs") = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5251 ./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5251] chdir("./90") = 0 [pid 5251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5251] setpgid(0, 0) = 0 [pid 5251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5251] write(3, "1000", 4) = 4 [pid 5251] close(3) = 0 [pid 5251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5251] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5251] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5252 attached , parent_tid=[5252], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5252 [pid 5251] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5252] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5252] munmap(0x7fa30fe43000, 524288) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] mkdir("./file0", 0777) = 0 [pid 5252] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5252] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./file0") = 0 [pid 5252] ioctl(4, LOOP_CLR_FD) = 0 [pid 5252] close(4) = 0 [pid 5252] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 0 [pid 5252] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5252] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 1 [pid 5252] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5252] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5252] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5252] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5252] sendfile(5, 6, NULL, 140737974943952 [pid 5251] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 69.956574][ T5252] loop0: detected capacity change from 0 to 1024 [ 69.965879][ T5252] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 69.976652][ T5252] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 69.989245][ T5252] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5251] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... sendfile resumed>) = 65536 [pid 5252] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 1 [pid 5252] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5252] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 1 [pid 5252] ftruncate(4, 31) = 0 [pid 5252] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 1 [pid 5252] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5252] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 1 [pid 5252] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5252] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5252] <... futex resumed>) = 1 [pid 5252] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] exit_group(0) = ? [pid 5252] <... futex resumed>) = ? [pid 5252] +++ exited with 0 +++ [pid 5251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5251, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./90/binderfs") = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5253 ./strace-static-x86_64: Process 5253 attached [pid 5253] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5253] chdir("./91") = 0 [pid 5253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5253] setpgid(0, 0) = 0 [pid 5253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5253] write(3, "1000", 4) = 4 [pid 5253] close(3) = 0 [pid 5253] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5253] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5253] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5254], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5254 [pid 5253] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5254 attached [pid 5254] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5254] memfd_create("syzkaller", 0) = 3 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5254] munmap(0x7fa30fe43000, 524288) = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5254] close(3) = 0 [pid 5254] mkdir("./file0", 0777) = 0 [pid 5254] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5254] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5254] chdir("./file0") = 0 [pid 5254] ioctl(4, LOOP_CLR_FD) = 0 [pid 5254] close(4) = 0 [pid 5254] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... futex resumed>) = 1 [pid 5254] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5254] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... futex resumed>) = 1 [pid 5254] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5254] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5254] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 70.140689][ T5254] loop0: detected capacity change from 0 to 1024 [ 70.150375][ T5254] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 70.161039][ T5254] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 70.173333][ T5254] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5254] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5254] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... futex resumed>) = 1 [pid 5254] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5254] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] ftruncate(4, 31) = 0 [pid 5254] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5254] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5254] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5254] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] exit_group(0) = ? [pid 5254] <... futex resumed>) = ? [pid 5254] +++ exited with 0 +++ [pid 5253] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5253, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./91/binderfs") = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5255 ./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5255] chdir("./92") = 0 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0) = 0 [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5255] write(3, "1000", 4) = 4 [pid 5255] close(3) = 0 [pid 5255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5255] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5255] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5256], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5256 [pid 5255] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5256 attached [pid 5256] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5256] memfd_create("syzkaller", 0) = 3 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5256] munmap(0x7fa30fe43000, 524288) = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5256] close(3) = 0 [pid 5256] mkdir("./file0", 0777) = 0 [pid 5256] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5256] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5256] chdir("./file0") = 0 [pid 5256] ioctl(4, LOOP_CLR_FD) = 0 [pid 5256] close(4) = 0 [pid 5256] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 0 [pid 5255] <... futex resumed>) = 1 [pid 5256] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5255] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... open resumed>) = 4 [pid 5256] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5256] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 0 [pid 5255] <... futex resumed>) = 1 [pid 5256] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5255] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... open resumed>) = 5 [pid 5256] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5256] openat(-1, "/proc/self/exe", O_RDONLY [pid 5255] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... openat resumed>) = 6 [pid 5255] <... futex resumed>) = 0 [pid 5256] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... futex resumed>) = 0 [pid 5255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5256] sendfile(5, 6, NULL, 140737974943952 [pid 5255] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 70.315937][ T5256] loop0: detected capacity change from 0 to 1024 [ 70.325737][ T5256] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 70.335974][ T5256] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 70.347723][ T5256] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5255] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... sendfile resumed>) = 65536 [pid 5256] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5256] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5255] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5256] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5256] ftruncate(4, 31 [pid 5255] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... ftruncate resumed>) = 0 [pid 5256] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5256] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5255] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... open resumed>) = 7 [pid 5256] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5256] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5255] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... pwritev2 resumed>) = 20480 [pid 5256] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5255] exit_group(0 [pid 5256] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5255] <... exit_group resumed>) = ? [pid 5256] +++ exited with 0 +++ [pid 5255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5255, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./92/binderfs") = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5257 ./strace-static-x86_64: Process 5257 attached [pid 5257] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5257] chdir("./93") = 0 [pid 5257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5257] setpgid(0, 0) = 0 [pid 5257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5257] write(3, "1000", 4) = 4 [pid 5257] close(3) = 0 [pid 5257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5257] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5257] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5257] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5258], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5258 [pid 5257] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5258 attached [pid 5258] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5258] memfd_create("syzkaller", 0) = 3 [pid 5258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5258] munmap(0x7fa30fe43000, 524288) = 0 [pid 5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5258] close(3) = 0 [pid 5258] mkdir("./file0", 0777) = 0 [pid 5258] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5258] chdir("./file0") = 0 [pid 5258] ioctl(4, LOOP_CLR_FD) = 0 [pid 5258] close(4) = 0 [pid 5258] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... futex resumed>) = 1 [pid 5258] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5258] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] <... futex resumed>) = 1 [pid 5257] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5258] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... futex resumed>) = 1 [pid 5258] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5258] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5258] sendfile(5, 6, NULL, 140737974943952 [pid 5257] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 70.495260][ T5258] loop0: detected capacity change from 0 to 1024 [ 70.505668][ T5258] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 70.516204][ T5258] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 70.528601][ T5258] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5257] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... sendfile resumed>) = 65536 [pid 5258] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... futex resumed>) = 1 [pid 5258] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5258] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5258] ftruncate(4, 31 [pid 5257] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... ftruncate resumed>) = 0 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... futex resumed>) = 1 [pid 5258] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5258] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... futex resumed>) = 1 [pid 5258] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5258] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5257] exit_group(0 [pid 5258] ???( [pid 5257] <... exit_group resumed>) = ? [pid 5258] <... ??? resumed>) = ? [pid 5258] +++ exited with 0 +++ [pid 5257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5257, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./93/binderfs") = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5259 ./strace-static-x86_64: Process 5259 attached [pid 5259] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5259] chdir("./94") = 0 [pid 5259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5259] setpgid(0, 0) = 0 [pid 5259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5259] write(3, "1000", 4) = 4 [pid 5259] close(3) = 0 [pid 5259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5259] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5259] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5259] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5260], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5260 [pid 5259] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5260 attached [pid 5260] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5260] memfd_create("syzkaller", 0) = 3 [pid 5260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5260] munmap(0x7fa30fe43000, 524288) = 0 [pid 5260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5260] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5260] close(3) = 0 [pid 5260] mkdir("./file0", 0777) = 0 [pid 5260] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5260] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5260] chdir("./file0") = 0 [pid 5260] ioctl(4, LOOP_CLR_FD) = 0 [pid 5260] close(4) = 0 [pid 5260] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... futex resumed>) = 1 [pid 5260] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5260] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... futex resumed>) = 1 [pid 5260] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5260] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... futex resumed>) = 1 [pid 5260] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5260] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... futex resumed>) = 1 [ 70.653198][ T5260] loop0: detected capacity change from 0 to 1024 [ 70.663724][ T5260] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 70.674064][ T5260] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 70.686674][ T5260] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5260] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5260] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... futex resumed>) = 1 [pid 5260] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5260] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] ftruncate(4, 31) = 0 [pid 5260] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... futex resumed>) = 1 [pid 5260] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5260] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... futex resumed>) = 1 [pid 5260] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5260] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5260] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] exit_group(0 [pid 5260] <... futex resumed>) = ? [pid 5259] <... exit_group resumed>) = ? [pid 5260] +++ exited with 0 +++ [pid 5259] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5259, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./94/binderfs") = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5261 ./strace-static-x86_64: Process 5261 attached [pid 5261] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5261] chdir("./95") = 0 [pid 5261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5261] setpgid(0, 0) = 0 [pid 5261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5261] write(3, "1000", 4) = 4 [pid 5261] close(3) = 0 [pid 5261] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5261] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5261] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5261] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5262], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5262 ./strace-static-x86_64: Process 5262 attached [pid 5262] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5262] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5261] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5262] memfd_create("syzkaller", 0) = 3 [pid 5262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5262] munmap(0x7fa30fe43000, 524288) = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5262] close(3) = 0 [pid 5262] mkdir("./file0", 0777) = 0 [pid 5262] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5262] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5262] chdir("./file0") = 0 [pid 5262] ioctl(4, LOOP_CLR_FD) = 0 [pid 5262] close(4) = 0 [pid 5262] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... futex resumed>) = 1 [pid 5262] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5262] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5261] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... open resumed>) = 5 [pid 5262] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] openat(-1, "/proc/self/exe", O_RDONLY [pid 5261] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... openat resumed>) = 6 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] sendfile(5, 6, NULL, 140737974943952 [pid 5261] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 70.831957][ T5262] loop0: detected capacity change from 0 to 1024 [ 70.841349][ T5262] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 70.851836][ T5262] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 70.863945][ T5262] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5261] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... sendfile resumed>) = 65536 [pid 5262] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5261] <... futex resumed>) = 1 [pid 5262] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5261] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5262] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] ftruncate(4, 31 [pid 5261] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... ftruncate resumed>) = 0 [pid 5262] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = 0 [pid 5262] <... futex resumed>) = 1 [pid 5261] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5261] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... open resumed>) = 7 [pid 5262] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... pwritev2 resumed>) = 20480 [pid 5262] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = 0 [pid 5262] <... futex resumed>) = 1 [pid 5261] exit_group(0) = ? [pid 5262] +++ exited with 0 +++ [pid 5261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5261, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./95/binderfs") = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5263 ./strace-static-x86_64: Process 5263 attached [pid 5263] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5263] chdir("./96") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5263] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5263] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5264], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5264 [pid 5263] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5264 attached [pid 5264] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5264] memfd_create("syzkaller", 0) = 3 [pid 5264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5264] munmap(0x7fa30fe43000, 524288) = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5264] close(3) = 0 [pid 5264] mkdir("./file0", 0777) = 0 [pid 5264] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5264] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5264] chdir("./file0") = 0 [pid 5264] ioctl(4, LOOP_CLR_FD) = 0 [pid 5264] close(4) = 0 [pid 5264] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... futex resumed>) = 1 [pid 5264] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5264] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... futex resumed>) = 1 [pid 5264] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5264] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... futex resumed>) = 1 [pid 5264] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5264] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... futex resumed>) = 1 [ 71.013380][ T5264] loop0: detected capacity change from 0 to 1024 [ 71.023521][ T5264] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 71.033796][ T5264] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 71.046529][ T5264] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5264] sendfile(5, 6, NULL, 140737974943952 [pid 5263] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5263] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa30fea2000 [pid 5263] mprotect(0x7fa30fea3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] clone(child_stack=0x7fa30fec23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5265], tls=0x7fa30fec2700, child_tidptr=0x7fa30fec29d0) = 5265 [pid 5263] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... sendfile resumed>) = 65536 [pid 5264] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5265 attached [pid 5265] set_robust_list(0x7fa30fec29e0, 24 [pid 5264] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] <... set_robust_list resumed>) = 0 [pid 5265] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5265] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5265] futex(0x7fa31833d7f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... futex resumed>) = 0 [pid 5264] ftruncate(4, 31) = 0 [pid 5264] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5263] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... open resumed>) = 7 [pid 5264] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5264] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5263] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... pwritev2 resumed>) = 20480 [pid 5264] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] exit_group(0 [pid 5265] <... futex resumed>) = ? [pid 5263] <... exit_group resumed>) = ? [pid 5265] +++ exited with 0 +++ [pid 5264] <... futex resumed>) = ? [pid 5264] +++ exited with 0 +++ [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./96/binderfs") = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5266 ./strace-static-x86_64: Process 5266 attached [pid 5266] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5266] chdir("./97") = 0 [pid 5266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5266] setpgid(0, 0) = 0 [pid 5266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5266] write(3, "1000", 4) = 4 [pid 5266] close(3) = 0 [pid 5266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5266] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5266] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5267], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5267 [pid 5266] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5267 attached [pid 5267] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5267] memfd_create("syzkaller", 0) = 3 [pid 5267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5267] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5267] munmap(0x7fa30fe43000, 524288) = 0 [pid 5267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5267] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5267] close(3) = 0 [pid 5267] mkdir("./file0", 0777) = 0 [pid 5267] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5267] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5267] chdir("./file0") = 0 [pid 5267] ioctl(4, LOOP_CLR_FD) = 0 [pid 5267] close(4) = 0 [pid 5267] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... futex resumed>) = 1 [pid 5267] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5267] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... futex resumed>) = 1 [pid 5267] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5267] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... futex resumed>) = 1 [pid 5267] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5267] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... futex resumed>) = 1 [ 71.278859][ T5267] loop0: detected capacity change from 0 to 1024 [ 71.290635][ T5267] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 71.301792][ T5267] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 71.315479][ T5267] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5267] sendfile(5, 6, NULL, 140737974943952 [pid 5266] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5266] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa30fea2000 [pid 5266] mprotect(0x7fa30fea3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] clone(child_stack=0x7fa30fec23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5268], tls=0x7fa30fec2700, child_tidptr=0x7fa30fec29d0) = 5268 [pid 5266] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5268 attached [pid 5268] set_robust_list(0x7fa30fec29e0, 24) = 0 [pid 5268] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5267] <... sendfile resumed>) = 65536 [pid 5267] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5268] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... futex resumed>) = 0 [pid 5267] ftruncate(4, 31 [pid 5268] <... futex resumed>) = 1 [pid 5267] <... ftruncate resumed>) = 0 [pid 5267] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... futex resumed>) = 1 [pid 5267] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5267] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... futex resumed>) = 1 [pid 5267] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5268] futex(0x7fa31833d7f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] <... pwritev2 resumed>) = 20480 [pid 5267] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5266] exit_group(0) = ? [pid 5268] <... futex resumed>) = ? [pid 5268] +++ exited with 0 +++ [pid 5267] <... futex resumed>) = ? [pid 5267] +++ exited with 0 +++ [pid 5266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5266, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./97/binderfs") = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5269 ./strace-static-x86_64: Process 5269 attached [pid 5269] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5269] chdir("./98") = 0 [pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5269] setpgid(0, 0) = 0 [pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5269] write(3, "1000", 4) = 4 [pid 5269] close(3) = 0 [pid 5269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5269] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5269] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5269] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5270], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5270 [pid 5269] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5270 attached [pid 5270] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5270] memfd_create("syzkaller", 0) = 3 [pid 5270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5270] munmap(0x7fa30fe43000, 524288) = 0 [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5270] close(3) = 0 [pid 5270] mkdir("./file0", 0777) = 0 [pid 5270] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5270] chdir("./file0") = 0 [pid 5270] ioctl(4, LOOP_CLR_FD) = 0 [pid 5270] close(4) = 0 [pid 5270] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... futex resumed>) = 1 [pid 5270] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5270] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... futex resumed>) = 1 [pid 5270] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5270] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... futex resumed>) = 1 [pid 5270] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5270] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... futex resumed>) = 1 [ 71.514243][ T5270] loop0: detected capacity change from 0 to 1024 [ 71.525556][ T5270] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 71.536190][ T5270] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 71.549007][ T5270] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5270] sendfile(5, 6, NULL, 140737974943952 [pid 5269] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5269] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa30fea2000 [pid 5269] mprotect(0x7fa30fea3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5269] clone(child_stack=0x7fa30fec23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5271 attached , parent_tid=[5271], tls=0x7fa30fec2700, child_tidptr=0x7fa30fec29d0) = 5271 [pid 5271] set_robust_list(0x7fa30fec29e0, 24) = 0 [pid 5271] futex(0x7fa31833d7f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... futex resumed>) = 0 [pid 5271] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5270] <... sendfile resumed>) = 65536 [pid 5270] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5271] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] futex(0x7fa31833d7f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... futex resumed>) = 0 [pid 5269] <... futex resumed>) = 1 [pid 5270] ftruncate(4, 31 [pid 5269] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... ftruncate resumed>) = 0 [pid 5270] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5270] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5270] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] <... futex resumed>) = 0 [pid 5269] exit_group(0 [pid 5270] <... futex resumed>) = ? [pid 5269] <... exit_group resumed>) = ? [pid 5271] <... futex resumed>) = ? [pid 5270] +++ exited with 0 +++ [pid 5271] +++ exited with 0 +++ [pid 5269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./98/binderfs") = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5272 ./strace-static-x86_64: Process 5272 attached [pid 5272] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5272] chdir("./99") = 0 [pid 5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5272] setpgid(0, 0) = 0 [pid 5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5272] write(3, "1000", 4) = 4 [pid 5272] close(3) = 0 [pid 5272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5272] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5272] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5273], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5273 ./strace-static-x86_64: Process 5273 attached [pid 5273] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5273] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5272] <... futex resumed>) = 1 [pid 5272] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5273] memfd_create("syzkaller", 0) = 3 [pid 5273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5273] munmap(0x7fa30fe43000, 524288) = 0 [pid 5273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5273] close(3) = 0 [pid 5273] mkdir("./file0", 0777) = 0 [pid 5273] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5273] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5273] chdir("./file0") = 0 [pid 5273] ioctl(4, LOOP_CLR_FD) = 0 [pid 5273] close(4) = 0 [pid 5273] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 1 [pid 5273] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5273] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 1 [pid 5273] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5273] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 1 [pid 5273] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5273] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 1 [ 71.762399][ T5273] loop0: detected capacity change from 0 to 1024 [ 71.773933][ T5273] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 71.784365][ T5273] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 71.796006][ T5273] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5273] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5273] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5273] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5272] <... futex resumed>) = 0 [pid 5273] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5272] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5273] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5273] ftruncate(4, 31 [pid 5272] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] <... ftruncate resumed>) = 0 [pid 5273] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5272] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5273] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5273] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5272] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... pwritev2 resumed>) = 20480 [pid 5273] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] exit_group(0) = ? [pid 5273] +++ exited with 0 +++ [pid 5272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5272, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./99/binderfs") = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5274 ./strace-static-x86_64: Process 5274 attached [pid 5274] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5274] chdir("./100") = 0 [pid 5274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5274] setpgid(0, 0) = 0 [pid 5274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5274] write(3, "1000", 4) = 4 [pid 5274] close(3) = 0 [pid 5274] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5274] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5274] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5274] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5275 attached , parent_tid=[5275], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5275 [pid 5274] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5275] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5275] memfd_create("syzkaller", 0) = 3 [pid 5275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5275] munmap(0x7fa30fe43000, 524288) = 0 [pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5275] close(3) = 0 [pid 5275] mkdir("./file0", 0777) = 0 [pid 5275] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5275] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5275] chdir("./file0") = 0 [pid 5275] ioctl(4, LOOP_CLR_FD) = 0 [pid 5275] close(4) = 0 [pid 5275] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... futex resumed>) = 0 [pid 5275] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5275] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5275] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5274] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... open resumed>) = 5 [pid 5275] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5275] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 71.950866][ T5275] loop0: detected capacity change from 0 to 1024 [ 71.960912][ T5275] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 71.971642][ T5275] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 71.984207][ T5275] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5275] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5275] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... futex resumed>) = 1 [pid 5275] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5275] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... futex resumed>) = 1 [pid 5275] ftruncate(4, 31) = 0 [pid 5275] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... futex resumed>) = 1 [pid 5275] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5275] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... futex resumed>) = 1 [pid 5275] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5275] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5275] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] exit_group(0) = ? [pid 5275] <... futex resumed>) = ? [pid 5275] +++ exited with 0 +++ [pid 5274] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5274, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./100/binderfs") = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5276 ./strace-static-x86_64: Process 5276 attached [pid 5276] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5276] chdir("./101") = 0 [pid 5276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5276] setpgid(0, 0) = 0 [pid 5276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5276] write(3, "1000", 4) = 4 [pid 5276] close(3) = 0 [pid 5276] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5276] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5276] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5276] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5277 attached , parent_tid=[5277], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5277 [pid 5277] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5277] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5276] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5277] memfd_create("syzkaller", 0) = 3 [pid 5277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5277] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5277] munmap(0x7fa30fe43000, 524288) = 0 [pid 5277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5277] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5277] close(3) = 0 [pid 5277] mkdir("./file0", 0777) = 0 [pid 5277] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5277] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5277] chdir("./file0") = 0 [pid 5277] ioctl(4, LOOP_CLR_FD) = 0 [pid 5277] close(4) = 0 [pid 5277] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [pid 5277] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5277] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [pid 5277] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5277] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [pid 5277] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5277] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5277] sendfile(5, 6, NULL, 140737974943952 [pid 5276] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.159609][ T5277] loop0: detected capacity change from 0 to 1024 [ 72.169498][ T5277] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 72.179776][ T5277] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 72.191295][ T5277] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5276] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... sendfile resumed>) = 65536 [pid 5277] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5277] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5276] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5277] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5277] ftruncate(4, 31 [pid 5276] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... ftruncate resumed>) = 0 [pid 5277] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5276] <... futex resumed>) = 1 [pid 5277] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5276] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... open resumed>) = 7 [pid 5277] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5277] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5276] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... pwritev2 resumed>) = 20480 [pid 5277] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5277] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] exit_group(0 [pid 5277] <... futex resumed>) = ? [pid 5276] <... exit_group resumed>) = ? [pid 5277] +++ exited with 0 +++ [pid 5276] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5276, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./101/binderfs") = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5278 ./strace-static-x86_64: Process 5278 attached [pid 5278] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5278] chdir("./102") = 0 [pid 5278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5278] setpgid(0, 0) = 0 [pid 5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5278] write(3, "1000", 4) = 4 [pid 5278] close(3) = 0 [pid 5278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5278] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5278] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5279 attached [pid 5279] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5279] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] <... clone resumed>, parent_tid=[5279], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5279 [pid 5278] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5278] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5279] memfd_create("syzkaller", 0) = 3 [pid 5279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5279] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5279] munmap(0x7fa30fe43000, 524288) = 0 [pid 5279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5279] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5279] close(3) = 0 [pid 5279] mkdir("./file0", 0777) = 0 [pid 5279] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5279] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5279] chdir("./file0") = 0 [pid 5279] ioctl(4, LOOP_CLR_FD) = 0 [pid 5279] close(4) = 0 [pid 5279] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5279] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5278] <... futex resumed>) = 0 [pid 5279] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5278] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... open resumed>) = 4 [pid 5279] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5279] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5278] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5279] <... open resumed>) = 5 [pid 5278] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5279] openat(-1, "/proc/self/exe", O_RDONLY [pid 5278] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... openat resumed>) = 6 [pid 5278] <... futex resumed>) = 0 [pid 5279] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5279] sendfile(5, 6, NULL, 140737974943952 [pid 5278] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.358020][ T5279] loop0: detected capacity change from 0 to 1024 [ 72.367216][ T5279] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 72.377414][ T5279] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 72.389194][ T5279] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5278] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... sendfile resumed>) = 65536 [pid 5279] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5279] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... futex resumed>) = 0 [pid 5279] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5279] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5279] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5279] ftruncate(4, 31 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... ftruncate resumed>) = 0 [pid 5279] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... futex resumed>) = 1 [pid 5279] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5279] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... futex resumed>) = 1 [pid 5279] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5279] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5278] exit_group(0 [pid 5279] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5278] <... exit_group resumed>) = ? [pid 5279] +++ exited with 0 +++ [pid 5278] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./102/binderfs") = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5280 ./strace-static-x86_64: Process 5280 attached [pid 5280] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5280] chdir("./103") = 0 [pid 5280] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5280] setpgid(0, 0) = 0 [pid 5280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5280] write(3, "1000", 4) = 4 [pid 5280] close(3) = 0 [pid 5280] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5280] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5280] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5280] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5281], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5281 [pid 5280] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5281 attached [pid 5281] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5281] memfd_create("syzkaller", 0) = 3 [pid 5281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5281] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5281] munmap(0x7fa30fe43000, 524288) = 0 [pid 5281] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5281] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5281] close(3) = 0 [pid 5281] mkdir("./file0", 0777) = 0 [pid 5281] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5281] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5281] chdir("./file0") = 0 [pid 5281] ioctl(4, LOOP_CLR_FD) = 0 [pid 5281] close(4) = 0 [pid 5281] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 72.535390][ T5281] loop0: detected capacity change from 0 to 1024 [ 72.545071][ T5281] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 72.555440][ T5281] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 72.567393][ T5281] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5281] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5281] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... futex resumed>) = 1 [pid 5281] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5281] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... futex resumed>) = 1 [pid 5281] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5281] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... futex resumed>) = 1 [pid 5281] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5281] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... futex resumed>) = 1 [pid 5281] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5281] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5281] ftruncate(4, 31 [pid 5280] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... ftruncate resumed>) = 0 [pid 5281] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... futex resumed>) = 1 [pid 5281] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5281] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... futex resumed>) = 1 [ 72.583504][ T27] kauditd_printk_skb: 68 callbacks suppressed [ 72.583516][ T27] audit: type=1800 audit(1672320172.365:311): pid=5281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 72.611087][ T27] audit: type=1800 audit(1672320172.375:312): pid=5281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5281] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5281] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = 1 [pid 5281] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] exit_group(0 [pid 5281] <... futex resumed>) = ? [pid 5280] <... exit_group resumed>) = ? [pid 5281] +++ exited with 0 +++ [pid 5280] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5280, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./103/binderfs") = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 72.651012][ T27] audit: type=1800 audit(1672320172.425:313): pid=5281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 rmdir("./103/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5282 ./strace-static-x86_64: Process 5282 attached [pid 5282] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5282] chdir("./104") = 0 [pid 5282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5282] setpgid(0, 0) = 0 [pid 5282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5282] write(3, "1000", 4) = 4 [pid 5282] close(3) = 0 [pid 5282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5282] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5282] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5282] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5283 attached , parent_tid=[5283], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5283 [pid 5282] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5283] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5283] memfd_create("syzkaller", 0) = 3 [pid 5283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5283] munmap(0x7fa30fe43000, 524288) = 0 [pid 5283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5283] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5283] close(3) = 0 [pid 5283] mkdir("./file0", 0777) = 0 [pid 5283] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5283] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5283] chdir("./file0") = 0 [pid 5283] ioctl(4, LOOP_CLR_FD) = 0 [pid 5283] close(4) = 0 [pid 5283] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5282] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... futex resumed>) = 1 [ 72.752325][ T5283] loop0: detected capacity change from 0 to 1024 [ 72.762175][ T5283] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 72.772512][ T5283] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 72.785148][ T5283] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5283] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5283] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5282] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... futex resumed>) = 1 [pid 5283] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5283] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5282] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... futex resumed>) = 1 [pid 5283] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5283] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5282] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... futex resumed>) = 1 [pid 5283] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5283] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5282] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... futex resumed>) = 1 [pid 5283] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5283] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5282] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... futex resumed>) = 1 [pid 5283] ftruncate(4, 31) = 0 [pid 5283] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5282] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... futex resumed>) = 1 [ 72.806460][ T27] audit: type=1800 audit(1672320172.585:314): pid=5283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 72.828421][ T27] audit: type=1800 audit(1672320172.595:315): pid=5283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5283] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5283] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] <... futex resumed>) = 0 [pid 5282] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5282] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... futex resumed>) = 0 [pid 5283] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5283] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5282] exit_group(0) = ? [pid 5283] <... futex resumed>) = ? [pid 5283] +++ exited with 0 +++ [pid 5282] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5282, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./104/binderfs") = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 72.876209][ T27] audit: type=1800 audit(1672320172.655:316): pid=5283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5284 attached , child_tidptr=0x55555702f5d0) = 5284 [pid 5284] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5284] chdir("./105") = 0 [pid 5284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5284] setpgid(0, 0) = 0 [pid 5284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5284] write(3, "1000", 4) = 4 [pid 5284] close(3) = 0 [pid 5284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5284] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5284] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5284] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5285], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5285 ./strace-static-x86_64: Process 5285 attached [pid 5284] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5285] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5285] memfd_create("syzkaller", 0) = 3 [pid 5285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5285] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5285] munmap(0x7fa30fe43000, 524288) = 0 [pid 5285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5285] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5285] close(3) = 0 [pid 5285] mkdir("./file0", 0777) = 0 [pid 5285] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5285] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5285] chdir("./file0") = 0 [pid 5285] ioctl(4, LOOP_CLR_FD) = 0 [pid 5285] close(4) = 0 [pid 5285] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5285] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... futex resumed>) = 0 [ 72.954726][ T5285] loop0: detected capacity change from 0 to 1024 [ 72.964324][ T5285] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 72.974581][ T5285] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 72.986243][ T5285] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5285] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5285] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... futex resumed>) = 1 [pid 5285] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5285] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... futex resumed>) = 1 [pid 5285] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5285] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... futex resumed>) = 1 [pid 5285] sendfile(5, 6, NULL, 140737974943952 [pid 5284] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5284] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa30fea2000 [pid 5284] mprotect(0x7fa30fea3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5284] clone(child_stack=0x7fa30fec23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5286], tls=0x7fa30fec2700, child_tidptr=0x7fa30fec29d0) = 5286 ./strace-static-x86_64: Process 5286 attached [pid 5284] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] set_robust_list(0x7fa30fec29e0, 24) = 0 [pid 5285] <... sendfile resumed>) = 65536 [pid 5285] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5285] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5286] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5286] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] futex(0x7fa31833d7f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... futex resumed>) = 0 [pid 5285] ftruncate(4, 31) = 0 [ 73.005407][ T27] audit: type=1800 audit(1672320172.785:317): pid=5285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 73.028094][ T27] audit: type=1800 audit(1672320172.785:318): pid=5285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5285] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5285] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... futex resumed>) = 0 [pid 5284] <... futex resumed>) = 1 [pid 5285] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5284] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... open resumed>) = 7 [pid 5285] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5285] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5284] <... futex resumed>) = 0 [pid 5285] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5284] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... pwritev2 resumed>) = 20480 [pid 5285] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] exit_group(0 [pid 5286] <... futex resumed>) = ? [pid 5284] <... exit_group resumed>) = ? [pid 5286] +++ exited with 0 +++ [pid 5285] <... futex resumed>) = ? [pid 5285] +++ exited with 0 +++ [pid 5284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5284, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./105/binderfs") = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5287 ./strace-static-x86_64: Process 5287 attached [pid 5287] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5287] chdir("./106") = 0 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5287] setpgid(0, 0) = 0 [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5287] write(3, "1000", 4) = 4 [pid 5287] close(3) = 0 [pid 5287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5287] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5287] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5287] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5288], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5288 [pid 5287] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5288 attached [pid 5288] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5288] memfd_create("syzkaller", 0) = 3 [pid 5288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [ 73.087386][ T27] audit: type=1800 audit(1672320172.865:319): pid=5285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5288] munmap(0x7fa30fe43000, 524288) = 0 [pid 5288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5288] close(3) = 0 [pid 5288] mkdir("./file0", 0777) = 0 [pid 5288] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5288] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5288] chdir("./file0") = 0 [pid 5288] ioctl(4, LOOP_CLR_FD) = 0 [pid 5288] close(4) = 0 [pid 5288] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5288] <... futex resumed>) = 1 [pid 5287] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5287] <... futex resumed>) = 0 [pid 5288] <... open resumed>) = 4 [ 73.155564][ T5288] loop0: detected capacity change from 0 to 1024 [ 73.165794][ T5288] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 73.176024][ T5288] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 73.187756][ T5288] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5287] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5288] <... futex resumed>) = 0 [pid 5287] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5287] <... futex resumed>) = 0 [pid 5288] <... open resumed>) = 5 [pid 5287] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5288] openat(-1, "/proc/self/exe", O_RDONLY [pid 5287] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... openat resumed>) = 6 [pid 5287] <... futex resumed>) = 0 [pid 5288] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... futex resumed>) = 0 [pid 5287] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5288] sendfile(5, 6, NULL, 140737974943952 [pid 5287] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... sendfile resumed>) = 65536 [pid 5288] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] <... futex resumed>) = 0 [pid 5288] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [ 73.204711][ T27] audit: type=1800 audit(1672320172.985:320): pid=5288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5287] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5288] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5288] <... futex resumed>) = 1 [pid 5288] ftruncate(4, 31 [pid 5287] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... ftruncate resumed>) = 0 [pid 5288] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... open resumed>) = 7 [pid 5288] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5288] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5287] exit_group(0) = ? [pid 5288] <... futex resumed>) = ? [pid 5288] +++ exited with 0 +++ [pid 5287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5287, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./106/binderfs") = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5289 ./strace-static-x86_64: Process 5289 attached [pid 5289] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5289] chdir("./107") = 0 [pid 5289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5289] setpgid(0, 0) = 0 [pid 5289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5289] write(3, "1000", 4) = 4 [pid 5289] close(3) = 0 [pid 5289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5289] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5289] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5289] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5290], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5290 [pid 5289] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5290 attached [pid 5290] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5290] memfd_create("syzkaller", 0) = 3 [pid 5290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5290] munmap(0x7fa30fe43000, 524288) = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5290] close(3) = 0 [pid 5290] mkdir("./file0", 0777) = 0 [pid 5290] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5290] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5290] chdir("./file0") = 0 [pid 5290] ioctl(4, LOOP_CLR_FD) = 0 [pid 5290] close(4) = 0 [pid 5290] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... futex resumed>) = 1 [pid 5290] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5290] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... futex resumed>) = 1 [pid 5290] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5290] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... futex resumed>) = 1 [pid 5290] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5290] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... futex resumed>) = 1 [ 73.341255][ T5290] loop0: detected capacity change from 0 to 1024 [ 73.355370][ T5290] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 73.365703][ T5290] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 73.377463][ T5290] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5290] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5290] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5290] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] ftruncate(4, 31) = 0 [pid 5290] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5290] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5290] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5289] exit_group(0) = ? [pid 5290] +++ exited with 0 +++ [pid 5289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5289, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./107/binderfs") = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5291 ./strace-static-x86_64: Process 5291 attached [pid 5291] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5291] chdir("./108") = 0 [pid 5291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5291] setpgid(0, 0) = 0 [pid 5291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5291] write(3, "1000", 4) = 4 [pid 5291] close(3) = 0 [pid 5291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5291] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5291] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5291] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5292], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5292 [pid 5291] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5292 attached [pid 5292] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5292] memfd_create("syzkaller", 0) = 3 [pid 5292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5292] munmap(0x7fa30fe43000, 524288) = 0 [pid 5292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5292] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5292] close(3) = 0 [pid 5292] mkdir("./file0", 0777) = 0 [pid 5292] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5292] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5292] chdir("./file0") = 0 [pid 5292] ioctl(4, LOOP_CLR_FD) = 0 [pid 5292] close(4) = 0 [pid 5292] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... futex resumed>) = 1 [pid 5292] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5292] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... futex resumed>) = 1 [pid 5292] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5292] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... futex resumed>) = 1 [pid 5292] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5292] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... futex resumed>) = 1 [ 73.518778][ T5292] loop0: detected capacity change from 0 to 1024 [ 73.528746][ T5292] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 73.539320][ T5292] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 73.551155][ T5292] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5292] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5292] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5292] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] ftruncate(4, 31) = 0 [pid 5292] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5292] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5292] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5291] exit_group(0) = ? [pid 5292] +++ exited with 0 +++ [pid 5291] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5291, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./108/binderfs") = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5293 ./strace-static-x86_64: Process 5293 attached [pid 5293] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5293] chdir("./109") = 0 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5293] setpgid(0, 0) = 0 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5293] write(3, "1000", 4) = 4 [pid 5293] close(3) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5293] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5293] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5294], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5294 [pid 5293] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5294 attached [pid 5294] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5294] memfd_create("syzkaller", 0) = 3 [pid 5294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5294] munmap(0x7fa30fe43000, 524288) = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5294] close(3) = 0 [pid 5294] mkdir("./file0", 0777) = 0 [ 73.688834][ T5294] loop0: detected capacity change from 0 to 1024 [ 73.695166][ T5070] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 73.695307][ T5070] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 73.714205][ T5070] Buffer I/O error on dev loop0, logical block 0, async page read [ 73.724621][ T5294] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [pid 5294] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5294] chdir("./file0") = 0 [pid 5294] ioctl(4, LOOP_CLR_FD) = 0 [pid 5294] close(4) = 0 [pid 5294] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... futex resumed>) = 1 [pid 5294] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5294] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... futex resumed>) = 1 [pid 5294] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5294] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... futex resumed>) = 1 [pid 5294] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5294] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... futex resumed>) = 1 [ 73.734944][ T5294] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 73.746508][ T5294] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5294] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5294] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5294] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5293] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5294] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5294] ftruncate(4, 31 [pid 5293] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... ftruncate resumed>) = 0 [pid 5294] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5294] <... futex resumed>) = 1 [pid 5293] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... open resumed>) = 7 [pid 5294] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5294] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5294] <... futex resumed>) = 1 [pid 5294] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] exit_group(0 [pid 5294] <... futex resumed>) = ? [pid 5293] <... exit_group resumed>) = ? [pid 5294] +++ exited with 0 +++ [pid 5293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./109/binderfs") = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5295 ./strace-static-x86_64: Process 5295 attached [pid 5295] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5295] chdir("./110") = 0 [pid 5295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5295] setpgid(0, 0) = 0 [pid 5295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5295] write(3, "1000", 4) = 4 [pid 5295] close(3) = 0 [pid 5295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5295] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5295] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5295] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5296 attached , parent_tid=[5296], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5296 [pid 5295] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5296] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5296] memfd_create("syzkaller", 0) = 3 [pid 5296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5296] munmap(0x7fa30fe43000, 524288) = 0 [pid 5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5296] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5296] close(3) = 0 [pid 5296] mkdir("./file0", 0777) = 0 [pid 5296] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5296] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5296] chdir("./file0") = 0 [pid 5296] ioctl(4, LOOP_CLR_FD) = 0 [pid 5296] close(4) = 0 [pid 5296] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... futex resumed>) = 1 [pid 5296] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5296] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... futex resumed>) = 1 [pid 5296] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5296] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... futex resumed>) = 1 [pid 5296] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5296] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... futex resumed>) = 1 [ 73.926112][ T5296] loop0: detected capacity change from 0 to 1024 [ 73.936087][ T5296] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 73.946407][ T5296] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 73.958658][ T5296] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5296] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5296] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5296] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5295] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5296] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] ftruncate(4, 31 [pid 5295] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... ftruncate resumed>) = 0 [pid 5296] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5295] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... open resumed>) = 7 [pid 5296] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5296] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] exit_group(0 [pid 5296] <... futex resumed>) = ? [pid 5295] <... exit_group resumed>) = ? [pid 5296] +++ exited with 0 +++ [pid 5295] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5295, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./110/binderfs") = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5297 ./strace-static-x86_64: Process 5297 attached [pid 5297] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5297] chdir("./111") = 0 [pid 5297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5297] setpgid(0, 0) = 0 [pid 5297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5297] write(3, "1000", 4) = 4 [pid 5297] close(3) = 0 [pid 5297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5297] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5297] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5297] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5298 attached , parent_tid=[5298], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5298 [pid 5297] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5298] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5298] memfd_create("syzkaller", 0) = 3 [pid 5298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5298] munmap(0x7fa30fe43000, 524288) = 0 [pid 5298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5298] close(3) = 0 [pid 5298] mkdir("./file0", 0777) = 0 [pid 5298] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5298] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5298] chdir("./file0") = 0 [pid 5298] ioctl(4, LOOP_CLR_FD) = 0 [pid 5298] close(4) = 0 [pid 5298] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] <... futex resumed>) = 0 [pid 5297] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5297] <... futex resumed>) = 1 [pid 5298] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5297] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... open resumed>) = 4 [pid 5298] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] <... futex resumed>) = 0 [pid 5298] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5297] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... open resumed>) = 5 [pid 5298] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] openat(-1, "/proc/self/exe", O_RDONLY [pid 5297] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... openat resumed>) = 6 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... futex resumed>) = 0 [pid 5297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5298] sendfile(5, 6, NULL, 140737974943952 [pid 5297] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.096512][ T5298] loop0: detected capacity change from 0 to 1024 [ 74.106757][ T5298] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 74.117046][ T5298] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 74.129161][ T5298] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5297] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... sendfile resumed>) = 65536 [pid 5298] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = 0 [pid 5297] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... futex resumed>) = 1 [pid 5298] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5298] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] <... futex resumed>) = 0 [pid 5297] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... futex resumed>) = 0 [pid 5298] ftruncate(4, 31) = 0 [pid 5298] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = 0 [pid 5297] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... futex resumed>) = 1 [pid 5298] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5298] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = 0 [pid 5297] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... futex resumed>) = 1 [pid 5298] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5298] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = 0 [pid 5298] <... futex resumed>) = 1 [pid 5297] exit_group(0) = ? [pid 5298] +++ exited with 0 +++ [pid 5297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5297, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./111/binderfs") = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5299 ./strace-static-x86_64: Process 5299 attached [pid 5299] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5299] chdir("./112") = 0 [pid 5299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5299] setpgid(0, 0) = 0 [pid 5299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5299] write(3, "1000", 4) = 4 [pid 5299] close(3) = 0 [pid 5299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5299] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5299] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5299] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5300], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5300 [pid 5299] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5300 attached [pid 5300] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5300] memfd_create("syzkaller", 0) = 3 [pid 5300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5300] munmap(0x7fa30fe43000, 524288) = 0 [pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5300] close(3) = 0 [pid 5300] mkdir("./file0", 0777) = 0 [pid 5300] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5300] chdir("./file0") = 0 [pid 5300] ioctl(4, LOOP_CLR_FD) = 0 [pid 5300] close(4) = 0 [pid 5300] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [pid 5300] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5300] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [pid 5300] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5300] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [pid 5300] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5300] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [ 74.262476][ T5300] loop0: detected capacity change from 0 to 1024 [ 74.271969][ T5300] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 74.282406][ T5300] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 74.295241][ T5300] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5300] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5300] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 0 [pid 5300] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5300] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [pid 5300] ftruncate(4, 31) = 0 [pid 5300] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [pid 5300] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5300] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [pid 5300] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5300] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5299] exit_group(0) = ? [pid 5300] +++ exited with 0 +++ [pid 5299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5299, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./112/binderfs") = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5301 ./strace-static-x86_64: Process 5301 attached [pid 5301] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5301] chdir("./113") = 0 [pid 5301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5301] setpgid(0, 0) = 0 [pid 5301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5301] write(3, "1000", 4) = 4 [pid 5301] close(3) = 0 [pid 5301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5301] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5301] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5301] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5302], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5302 [pid 5301] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5302 attached [pid 5302] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5302] memfd_create("syzkaller", 0) = 3 [pid 5302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5302] munmap(0x7fa30fe43000, 524288) = 0 [pid 5302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5302] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5302] close(3) = 0 [pid 5302] mkdir("./file0", 0777) = 0 [pid 5302] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5302] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5302] chdir("./file0") = 0 [pid 5302] ioctl(4, LOOP_CLR_FD) = 0 [pid 5302] close(4) = 0 [pid 5302] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... futex resumed>) = 0 [pid 5302] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5302] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... futex resumed>) = 0 [pid 5302] <... futex resumed>) = 1 [pid 5302] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... futex resumed>) = 0 [pid 5302] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5302] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... futex resumed>) = 1 [pid 5302] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5302] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] <... futex resumed>) = 1 [pid 5301] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 74.444419][ T5302] loop0: detected capacity change from 0 to 1024 [ 74.454493][ T5302] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 74.464960][ T5302] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 74.476695][ T5302] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5302] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5302] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5302] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5301] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5302] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] ftruncate(4, 31) = 0 [pid 5302] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5302] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5302] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5302] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] exit_group(0) = ? [pid 5302] <... futex resumed>) = ? [pid 5302] +++ exited with 0 +++ [pid 5301] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5301, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./113/binderfs") = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5303 ./strace-static-x86_64: Process 5303 attached [pid 5303] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5303] chdir("./114") = 0 [pid 5303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5303] setpgid(0, 0) = 0 [pid 5303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5303] write(3, "1000", 4) = 4 [pid 5303] close(3) = 0 [pid 5303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5303] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5303] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5303] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5304], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5304 [pid 5303] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5304 attached [pid 5304] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5304] memfd_create("syzkaller", 0) = 3 [pid 5304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5304] munmap(0x7fa30fe43000, 524288) = 0 [pid 5304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5304] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5304] close(3) = 0 [pid 5304] mkdir("./file0", 0777) = 0 [pid 5304] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5304] chdir("./file0") = 0 [pid 5304] ioctl(4, LOOP_CLR_FD) = 0 [pid 5304] close(4) = 0 [pid 5304] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5304] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5304] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5304] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5304] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... futex resumed>) = 1 [pid 5304] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5304] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5304] sendfile(5, 6, NULL, 140737974943952 [pid 5303] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.642288][ T5304] loop0: detected capacity change from 0 to 1024 [ 74.652106][ T5304] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 74.662325][ T5304] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 74.674428][ T5304] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5303] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... sendfile resumed>) = 65536 [pid 5304] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = 1 [pid 5303] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5304] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... futex resumed>) = 0 [pid 5304] ftruncate(4, 31) = 0 [pid 5304] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... futex resumed>) = 1 [pid 5304] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5304] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5304] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5303] exit_group(0) = ? [pid 5304] <... futex resumed>) = ? [pid 5304] +++ exited with 0 +++ [pid 5303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5303, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./114/binderfs") = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5305 ./strace-static-x86_64: Process 5305 attached [pid 5305] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5305] chdir("./115") = 0 [pid 5305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5305] setpgid(0, 0) = 0 [pid 5305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5305] write(3, "1000", 4) = 4 [pid 5305] close(3) = 0 [pid 5305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5305] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5305] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5305] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5306], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5306 [pid 5305] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5306 attached [pid 5306] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5306] memfd_create("syzkaller", 0) = 3 [pid 5306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5306] munmap(0x7fa30fe43000, 524288) = 0 [pid 5306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5306] close(3) = 0 [pid 5306] mkdir("./file0", 0777) = 0 [pid 5306] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5306] chdir("./file0") = 0 [pid 5306] ioctl(4, LOOP_CLR_FD) = 0 [pid 5306] close(4) = 0 [pid 5306] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5306] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5305] <... futex resumed>) = 0 [pid 5306] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5305] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... open resumed>) = 4 [pid 5306] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5306] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5305] <... futex resumed>) = 0 [pid 5306] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5305] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... open resumed>) = 5 [pid 5306] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5306] openat(-1, "/proc/self/exe", O_RDONLY [pid 5305] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... openat resumed>) = 6 [pid 5305] <... futex resumed>) = 0 [pid 5306] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5306] sendfile(5, 6, NULL, 140737974943952 [pid 5305] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.836330][ T5306] loop0: detected capacity change from 0 to 1024 [ 74.846229][ T5306] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 74.856490][ T5306] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 74.867883][ T5306] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5305] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... sendfile resumed>) = 65536 [pid 5306] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5306] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5305] <... futex resumed>) = 0 [pid 5306] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5305] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5306] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... futex resumed>) = 1 [pid 5306] ftruncate(4, 31) = 0 [pid 5306] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5306] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5306] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5305] exit_group(0) = ? [pid 5306] +++ exited with 0 +++ [pid 5305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5305, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./115/binderfs") = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5307 ./strace-static-x86_64: Process 5307 attached [pid 5307] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5307] chdir("./116") = 0 [pid 5307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5307] setpgid(0, 0) = 0 [pid 5307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5307] write(3, "1000", 4) = 4 [pid 5307] close(3) = 0 [pid 5307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5307] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5307] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5307] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5308], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5308 [pid 5307] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5308 attached [pid 5308] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5308] memfd_create("syzkaller", 0) = 3 [pid 5308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5308] munmap(0x7fa30fe43000, 524288) = 0 [pid 5308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5308] close(3) = 0 [pid 5308] mkdir("./file0", 0777) = 0 [pid 5308] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5308] chdir("./file0") = 0 [pid 5308] ioctl(4, LOOP_CLR_FD) = 0 [pid 5308] close(4) = 0 [pid 5308] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... futex resumed>) = 0 [pid 5308] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5308] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... futex resumed>) = 1 [pid 5308] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5308] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... futex resumed>) = 1 [pid 5308] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5308] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... futex resumed>) = 0 [pid 5308] <... futex resumed>) = 1 [pid 5308] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... futex resumed>) = 0 [ 75.026626][ T5308] loop0: detected capacity change from 0 to 1024 [ 75.036616][ T5308] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 75.047176][ T5308] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 75.058637][ T5308] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5308] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5308] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... futex resumed>) = 0 [pid 5308] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5308] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] <... futex resumed>) = 0 [pid 5308] ftruncate(4, 31 [pid 5307] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... ftruncate resumed>) = 0 [pid 5308] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] <... futex resumed>) = 0 [pid 5308] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5307] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... open resumed>) = 7 [pid 5308] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5308] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] <... futex resumed>) = 0 [pid 5308] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] exit_group(0 [pid 5308] <... futex resumed>) = ? [pid 5307] <... exit_group resumed>) = ? [pid 5308] +++ exited with 0 +++ [pid 5307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5307, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./116/binderfs") = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5309 ./strace-static-x86_64: Process 5309 attached [pid 5309] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5309] chdir("./117") = 0 [pid 5309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5309] setpgid(0, 0) = 0 [pid 5309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5309] write(3, "1000", 4) = 4 [pid 5309] close(3) = 0 [pid 5309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5309] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5309] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5309] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5310 attached , parent_tid=[5310], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5310 [pid 5310] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5310] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] <... futex resumed>) = 0 [pid 5310] memfd_create("syzkaller", 0 [pid 5309] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5310] <... memfd_create resumed>) = 3 [pid 5310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5310] munmap(0x7fa30fe43000, 524288) = 0 [pid 5310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5310] close(3) = 0 [pid 5310] mkdir("./file0", 0777) = 0 [pid 5310] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5310] chdir("./file0") = 0 [pid 5310] ioctl(4, LOOP_CLR_FD) = 0 [pid 5310] close(4) = 0 [pid 5310] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... futex resumed>) = 1 [pid 5310] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5310] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... futex resumed>) = 1 [pid 5310] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5310] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... futex resumed>) = 1 [pid 5310] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5310] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... futex resumed>) = 1 [ 75.204458][ T5310] loop0: detected capacity change from 0 to 1024 [ 75.214523][ T5310] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 75.224844][ T5310] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 75.237001][ T5310] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5310] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5310] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5310] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5309] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5310] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] ftruncate(4, 31) = 0 [pid 5310] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... futex resumed>) = 1 [pid 5310] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5310] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... futex resumed>) = 1 [pid 5310] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5310] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5310] <... futex resumed>) = 1 [pid 5309] exit_group(0 [pid 5310] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] <... exit_group resumed>) = ? [pid 5310] <... futex resumed>) = ? [pid 5310] +++ exited with 0 +++ [pid 5309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5309, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./117/binderfs") = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5311 ./strace-static-x86_64: Process 5311 attached [pid 5311] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5311] chdir("./118") = 0 [pid 5311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5311] setpgid(0, 0) = 0 [pid 5311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5311] write(3, "1000", 4) = 4 [pid 5311] close(3) = 0 [pid 5311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5311] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5311] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5311] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5312 attached , parent_tid=[5312], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5312 [pid 5311] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5312] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5312] memfd_create("syzkaller", 0) = 3 [pid 5312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5312] munmap(0x7fa30fe43000, 524288) = 0 [pid 5312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5312] close(3) = 0 [pid 5312] mkdir("./file0", 0777) = 0 [pid 5312] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5312] chdir("./file0") = 0 [pid 5312] ioctl(4, LOOP_CLR_FD) = 0 [pid 5312] close(4) = 0 [pid 5312] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... futex resumed>) = 0 [pid 5312] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5312] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... futex resumed>) = 1 [pid 5312] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5312] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... futex resumed>) = 1 [pid 5312] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5312] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] sendfile(5, 6, NULL, 140737974943952 [ 75.387525][ T5312] loop0: detected capacity change from 0 to 1024 [ 75.398220][ T5312] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 75.408533][ T5312] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 75.420561][ T5312] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5311] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... sendfile resumed>) = 65536 [pid 5312] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5312] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] ftruncate(4, 31 [pid 5311] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... ftruncate resumed>) = 0 [pid 5311] <... futex resumed>) = 0 [pid 5312] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... futex resumed>) = 0 [pid 5311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5312] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5311] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... open resumed>) = 7 [pid 5311] <... futex resumed>) = 0 [pid 5312] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... futex resumed>) = 0 [pid 5311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5312] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5311] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... pwritev2 resumed>) = 20480 [pid 5312] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5311] exit_group(0) = ? [pid 5312] <... futex resumed>) = ? [pid 5312] +++ exited with 0 +++ [pid 5311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5311, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./118/binderfs") = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5313 ./strace-static-x86_64: Process 5313 attached [pid 5313] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5313] chdir("./119") = 0 [pid 5313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5313] setpgid(0, 0) = 0 [pid 5313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5313] write(3, "1000", 4) = 4 [pid 5313] close(3) = 0 [pid 5313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5313] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5313] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5313] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5314 attached , parent_tid=[5314], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5314 [pid 5313] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] set_robust_list(0x7fa3182639e0, 24 [pid 5313] <... futex resumed>) = 0 [pid 5314] <... set_robust_list resumed>) = 0 [pid 5313] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5314] memfd_create("syzkaller", 0) = 3 [pid 5314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5314] munmap(0x7fa30fe43000, 524288) = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5314] close(3) = 0 [pid 5314] mkdir("./file0", 0777) = 0 [pid 5314] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5314] chdir("./file0") = 0 [pid 5314] ioctl(4, LOOP_CLR_FD) = 0 [pid 5314] close(4) = 0 [pid 5314] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... futex resumed>) = 1 [pid 5314] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5314] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... futex resumed>) = 1 [pid 5314] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5314] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... futex resumed>) = 1 [pid 5314] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5314] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... futex resumed>) = 1 [ 75.587553][ T5314] loop0: detected capacity change from 0 to 1024 [ 75.597249][ T5314] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 75.607587][ T5314] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 75.619157][ T5314] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5314] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5314] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5314] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... futex resumed>) = 1 [pid 5314] ftruncate(4, 31) = 0 [pid 5314] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... futex resumed>) = 1 [pid 5314] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5314] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... futex resumed>) = 1 [pid 5314] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5314] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5314] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] exit_group(0) = ? [pid 5314] <... futex resumed>) = ? [pid 5314] +++ exited with 0 +++ [pid 5313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5313, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./119/binderfs") = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5315 ./strace-static-x86_64: Process 5315 attached [pid 5315] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5315] chdir("./120") = 0 [pid 5315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5315] setpgid(0, 0) = 0 [pid 5315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5315] write(3, "1000", 4) = 4 [pid 5315] close(3) = 0 [pid 5315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5315] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5315] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5315] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5316], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5316 ./strace-static-x86_64: Process 5316 attached [pid 5315] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5316] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5316] memfd_create("syzkaller", 0) = 3 [pid 5316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5316] munmap(0x7fa30fe43000, 524288) = 0 [pid 5316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5316] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5316] close(3) = 0 [pid 5316] mkdir("./file0", 0777) = 0 [pid 5316] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5316] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5316] chdir("./file0") = 0 [pid 5316] ioctl(4, LOOP_CLR_FD) = 0 [pid 5316] close(4) = 0 [pid 5316] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... open resumed>) = 4 [pid 5316] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... futex resumed>) = 1 [pid 5316] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5316] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5316] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 75.784103][ T5316] loop0: detected capacity change from 0 to 1024 [ 75.794330][ T5316] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 75.804572][ T5316] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 75.817352][ T5316] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5316] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5316] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5316] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] ftruncate(4, 31) = 0 [pid 5316] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5316] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5316] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5315] exit_group(0) = ? [pid 5316] +++ exited with 0 +++ [pid 5315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5315, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./120/binderfs") = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5317 attached , child_tidptr=0x55555702f5d0) = 5317 [pid 5317] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5317] chdir("./121") = 0 [pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5317] setpgid(0, 0) = 0 [pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5317] write(3, "1000", 4) = 4 [pid 5317] close(3) = 0 [pid 5317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5317] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5317] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5318], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5318 [pid 5317] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5318 attached [pid 5318] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5318] memfd_create("syzkaller", 0) = 3 [pid 5318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5318] munmap(0x7fa30fe43000, 524288) = 0 [pid 5318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5318] close(3) = 0 [pid 5318] mkdir("./file0", 0777) = 0 [pid 5318] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5318] chdir("./file0") = 0 [pid 5318] ioctl(4, LOOP_CLR_FD) = 0 [pid 5318] close(4) = 0 [pid 5318] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5317] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... open resumed>) = 4 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5317] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... open resumed>) = 5 [pid 5318] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... futex resumed>) = 1 [pid 5318] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5318] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] sendfile(5, 6, NULL, 140737974943952 [pid 5317] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 75.971058][ T5318] loop0: detected capacity change from 0 to 1024 [ 75.982232][ T5318] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 75.992513][ T5318] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 76.004029][ T5318] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5317] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... sendfile resumed>) = 65536 [pid 5318] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5318] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] ftruncate(4, 31 [pid 5317] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... ftruncate resumed>) = 0 [pid 5318] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] <... futex resumed>) = 0 [pid 5318] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5317] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... open resumed>) = 7 [pid 5318] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] <... futex resumed>) = 0 [pid 5318] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5317] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... pwritev2 resumed>) = 20480 [pid 5318] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5317] exit_group(0) = ? [pid 5318] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./121/binderfs") = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5319 ./strace-static-x86_64: Process 5319 attached [pid 5319] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5319] chdir("./122") = 0 [pid 5319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5319] setpgid(0, 0) = 0 [pid 5319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5319] write(3, "1000", 4) = 4 [pid 5319] close(3) = 0 [pid 5319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5319] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5319] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5319] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5320], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5320 ./strace-static-x86_64: Process 5320 attached [pid 5320] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5320] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5319] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5320] memfd_create("syzkaller", 0) = 3 [pid 5320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5320] munmap(0x7fa30fe43000, 524288) = 0 [pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5320] close(3) = 0 [pid 5320] mkdir("./file0", 0777) = 0 [pid 5320] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5320] chdir("./file0") = 0 [pid 5320] ioctl(4, LOOP_CLR_FD) = 0 [pid 5320] close(4) = 0 [pid 5320] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... futex resumed>) = 1 [pid 5320] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5320] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... futex resumed>) = 1 [ 76.159902][ T5320] loop0: detected capacity change from 0 to 1024 [ 76.169806][ T5320] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 76.180067][ T5320] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 76.191654][ T5320] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5320] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5320] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5320] openat(-1, "/proc/self/exe", O_RDONLY [pid 5319] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... openat resumed>) = 6 [pid 5320] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5320] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... futex resumed>) = 0 [pid 5320] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5320] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... futex resumed>) = 1 [ 76.215470][ T898] cfg80211: failed to load regulatory.db [pid 5320] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5320] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... futex resumed>) = 1 [pid 5320] ftruncate(4, 31) = 0 [pid 5320] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... futex resumed>) = 1 [pid 5320] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5320] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... futex resumed>) = 1 [pid 5320] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5320] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5320] <... futex resumed>) = 1 [pid 5319] exit_group(0 [pid 5320] ???( [pid 5319] <... exit_group resumed>) = ? [pid 5320] <... ??? resumed>) = ? [pid 5320] +++ exited with 0 +++ [pid 5319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5319, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./122/binderfs") = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5322 ./strace-static-x86_64: Process 5322 attached [pid 5322] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5322] chdir("./123") = 0 [pid 5322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5322] setpgid(0, 0) = 0 [pid 5322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5322] write(3, "1000", 4) = 4 [pid 5322] close(3) = 0 [pid 5322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5322] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5322] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5322] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5323], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5323 [pid 5322] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5323 attached [pid 5323] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5323] memfd_create("syzkaller", 0) = 3 [pid 5323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5323] munmap(0x7fa30fe43000, 524288) = 0 [pid 5323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5323] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5323] close(3) = 0 [pid 5323] mkdir("./file0", 0777) = 0 [pid 5323] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5323] chdir("./file0") = 0 [pid 5323] ioctl(4, LOOP_CLR_FD) = 0 [pid 5323] close(4) = 0 [pid 5323] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] <... futex resumed>) = 0 [pid 5323] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5323] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] <... futex resumed>) = 1 [pid 5322] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5323] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] <... futex resumed>) = 1 [pid 5323] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5323] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] <... futex resumed>) = 1 [ 76.359566][ T5323] loop0: detected capacity change from 0 to 1024 [ 76.370038][ T5323] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 76.380927][ T5323] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 76.392899][ T5323] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5323] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5323] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] <... futex resumed>) = 0 [pid 5323] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5323] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5323] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5322] <... futex resumed>) = 0 [pid 5323] ftruncate(4, 31 [pid 5322] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] <... ftruncate resumed>) = 0 [pid 5323] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5323] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5322] <... futex resumed>) = 0 [pid 5323] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5322] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] <... open resumed>) = 7 [pid 5323] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5323] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5322] <... futex resumed>) = 0 [pid 5323] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5322] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] <... pwritev2 resumed>) = 20480 [pid 5323] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5322] exit_group(0) = ? [pid 5323] +++ exited with 0 +++ [pid 5322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5322, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./123/binderfs") = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5324 ./strace-static-x86_64: Process 5324 attached [pid 5324] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5324] chdir("./124") = 0 [pid 5324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5324] setpgid(0, 0) = 0 [pid 5324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5324] write(3, "1000", 4) = 4 [pid 5324] close(3) = 0 [pid 5324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5324] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5324] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5324] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5325 attached [pid 5325] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5325] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] <... clone resumed>, parent_tid=[5325], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5325 [pid 5324] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5325] memfd_create("syzkaller", 0 [pid 5324] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5325] <... memfd_create resumed>) = 3 [pid 5325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5325] munmap(0x7fa30fe43000, 524288) = 0 [pid 5325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5325] close(3) = 0 [pid 5325] mkdir("./file0", 0777) = 0 [pid 5325] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5325] chdir("./file0") = 0 [pid 5325] ioctl(4, LOOP_CLR_FD) = 0 [pid 5325] close(4) = 0 [pid 5325] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = 0 [pid 5324] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] <... futex resumed>) = 1 [pid 5325] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5325] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = 0 [pid 5324] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] <... futex resumed>) = 1 [pid 5325] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5325] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = 0 [pid 5324] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] <... futex resumed>) = 1 [pid 5325] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5325] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = 0 [pid 5324] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] <... futex resumed>) = 1 [ 76.564722][ T5325] loop0: detected capacity change from 0 to 1024 [ 76.575185][ T5325] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 76.585552][ T5325] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 76.597927][ T5325] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5325] sendfile(5, 6, NULL, 140737974943952 [pid 5324] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5324] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5324] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa30fea2000 [pid 5324] mprotect(0x7fa30fea3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5324] clone(child_stack=0x7fa30fec23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5326 attached [pid 5326] set_robust_list(0x7fa30fec29e0, 24 [pid 5324] <... clone resumed>, parent_tid=[5326], tls=0x7fa30fec2700, child_tidptr=0x7fa30fec29d0) = 5326 [pid 5326] <... set_robust_list resumed>) = 0 [pid 5326] futex(0x7fa31833d7f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... futex resumed>) = 0 [pid 5326] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5325] <... sendfile resumed>) = 65536 [pid 5325] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5326] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5326] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] <... futex resumed>) = 0 [pid 5324] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] futex(0x7fa31833d7f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] <... futex resumed>) = 0 [pid 5324] <... futex resumed>) = 1 [pid 5324] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] ftruncate(4, 31) = 0 [pid 5325] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] <... futex resumed>) = 0 [pid 5325] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5324] <... futex resumed>) = 0 [pid 5325] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5324] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] <... open resumed>) = 7 [pid 5325] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] <... futex resumed>) = 0 [pid 5325] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5324] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] <... pwritev2 resumed>) = 20480 [pid 5325] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = 0 [pid 5325] <... futex resumed>) = 1 [pid 5325] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] exit_group(0 [pid 5326] <... futex resumed>) = ? [pid 5325] <... futex resumed>) = ? [pid 5324] <... exit_group resumed>) = ? [pid 5326] +++ exited with 0 +++ [pid 5325] +++ exited with 0 +++ [pid 5324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5324, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./124/binderfs") = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5327 ./strace-static-x86_64: Process 5327 attached [pid 5327] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5327] chdir("./125") = 0 [pid 5327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5327] setpgid(0, 0) = 0 [pid 5327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5327] write(3, "1000", 4) = 4 [pid 5327] close(3) = 0 [pid 5327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5327] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5327] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5327] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5328 attached , parent_tid=[5328], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5328 [pid 5327] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] set_robust_list(0x7fa3182639e0, 24 [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5328] <... set_robust_list resumed>) = 0 [pid 5328] memfd_create("syzkaller", 0) = 3 [pid 5328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5328] munmap(0x7fa30fe43000, 524288) = 0 [pid 5328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5328] close(3) = 0 [pid 5328] mkdir("./file0", 0777) = 0 [pid 5328] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5328] chdir("./file0") = 0 [pid 5328] ioctl(4, LOOP_CLR_FD) = 0 [pid 5328] close(4) = 0 [pid 5328] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] <... futex resumed>) = 1 [pid 5328] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5328] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] <... futex resumed>) = 1 [pid 5328] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5328] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5328] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5327] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] openat(-1, "/proc/self/exe", O_RDONLY [pid 5327] <... futex resumed>) = 0 [pid 5328] <... openat resumed>) = 6 [pid 5327] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5327] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] <... futex resumed>) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5328] sendfile(5, 6, NULL, 140737974943952 [ 76.791870][ T5328] loop0: detected capacity change from 0 to 1024 [ 76.801521][ T5328] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 76.812096][ T5328] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 76.824789][ T5328] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5327] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5328] <... sendfile resumed>) = 65536 [pid 5328] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5328] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5328] <... futex resumed>) = 0 [pid 5328] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5327] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5328] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] ftruncate(4, 31) = 0 [pid 5328] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5327] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] <... open resumed>) = 7 [pid 5328] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5328] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5327] exit_group(0) = ? [pid 5328] +++ exited with 0 +++ [pid 5327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5327, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./125/binderfs") = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5329 ./strace-static-x86_64: Process 5329 attached [pid 5329] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5329] chdir("./126") = 0 [pid 5329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5329] setpgid(0, 0) = 0 [pid 5329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5329] write(3, "1000", 4) = 4 [pid 5329] close(3) = 0 [pid 5329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5329] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5329] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5330], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5330 [pid 5329] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5330 attached [pid 5330] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5330] memfd_create("syzkaller", 0) = 3 [pid 5330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5330] munmap(0x7fa30fe43000, 524288) = 0 [pid 5330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5330] close(3) = 0 [pid 5330] mkdir("./file0", 0777) = 0 [pid 5330] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5330] chdir("./file0") = 0 [pid 5330] ioctl(4, LOOP_CLR_FD) = 0 [pid 5330] close(4) = 0 [pid 5330] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] <... futex resumed>) = 1 [pid 5329] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5330] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5330] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5329] <... futex resumed>) = 0 [pid 5330] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5329] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... open resumed>) = 5 [pid 5330] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5330] openat(-1, "/proc/self/exe", O_RDONLY [pid 5329] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... openat resumed>) = 6 [pid 5329] <... futex resumed>) = 0 [pid 5330] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5330] <... futex resumed>) = 0 [pid 5329] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] sendfile(5, 6, NULL, 140737974943952 [pid 5329] <... futex resumed>) = 0 [ 76.965848][ T5330] loop0: detected capacity change from 0 to 1024 [ 76.976205][ T5330] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 76.986496][ T5330] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 76.997970][ T5330] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5329] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... sendfile resumed>) = 65536 [pid 5330] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... futex resumed>) = 1 [pid 5330] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5330] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] ftruncate(4, 31) = 0 [pid 5330] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5330] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5330] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] exit_group(0) = ? [pid 5330] +++ exited with 0 +++ [pid 5329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5329, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./126/binderfs") = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5331 ./strace-static-x86_64: Process 5331 attached [pid 5331] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5331] chdir("./127") = 0 [pid 5331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5331] setpgid(0, 0) = 0 [pid 5331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5331] write(3, "1000", 4) = 4 [pid 5331] close(3) = 0 [pid 5331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5331] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5331] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5331] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5332], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5332 [pid 5331] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5332 attached [pid 5332] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5332] memfd_create("syzkaller", 0) = 3 [pid 5332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5332] munmap(0x7fa30fe43000, 524288) = 0 [pid 5332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5332] close(3) = 0 [pid 5332] mkdir("./file0", 0777) = 0 [pid 5332] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5332] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5332] chdir("./file0") = 0 [pid 5332] ioctl(4, LOOP_CLR_FD) = 0 [pid 5332] close(4) = 0 [pid 5332] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... futex resumed>) = 1 [pid 5332] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5332] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5332] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] openat(-1, "/proc/self/exe", O_RDONLY [pid 5331] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... openat resumed>) = 6 [pid 5332] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... futex resumed>) = 1 [ 77.153967][ T5332] loop0: detected capacity change from 0 to 1024 [ 77.164935][ T5332] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 77.175218][ T5332] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 77.187483][ T5332] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5332] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5332] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5332] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] <... futex resumed>) = 0 [pid 5332] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5331] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5332] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5332] <... futex resumed>) = 1 [pid 5331] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] ftruncate(4, 31 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... ftruncate resumed>) = 0 [pid 5332] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5332] <... futex resumed>) = 1 [pid 5331] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... open resumed>) = 7 [pid 5332] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5331] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... pwritev2 resumed>) = 20480 [pid 5332] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5331] exit_group(0) = ? [pid 5332] +++ exited with 0 +++ [pid 5331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5331, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./127/binderfs") = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5333 ./strace-static-x86_64: Process 5333 attached [pid 5333] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5333] chdir("./128") = 0 [pid 5333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5333] setpgid(0, 0) = 0 [pid 5333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5333] write(3, "1000", 4) = 4 [pid 5333] close(3) = 0 [pid 5333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5333] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5333] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5333] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5334 attached [pid 5334] set_robust_list(0x7fa3182639e0, 24 [pid 5333] <... clone resumed>, parent_tid=[5334], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5334 [pid 5334] <... set_robust_list resumed>) = 0 [pid 5333] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] memfd_create("syzkaller", 0 [pid 5333] <... futex resumed>) = 0 [pid 5334] <... memfd_create resumed>) = 3 [pid 5333] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5334] munmap(0x7fa30fe43000, 524288) = 0 [pid 5334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5334] close(3) = 0 [pid 5334] mkdir("./file0", 0777) = 0 [pid 5334] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5334] chdir("./file0") = 0 [pid 5334] ioctl(4, LOOP_CLR_FD) = 0 [pid 5334] close(4) = 0 [pid 5334] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] <... futex resumed>) = 0 [pid 5333] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... futex resumed>) = 0 [pid 5334] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5334] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = 0 [pid 5333] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... futex resumed>) = 1 [pid 5334] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5334] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = 0 [pid 5333] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... futex resumed>) = 1 [pid 5334] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5334] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] <... futex resumed>) = 0 [pid 5333] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... futex resumed>) = 0 [ 77.366463][ T5334] loop0: detected capacity change from 0 to 1024 [ 77.376115][ T5334] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 77.386745][ T5334] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 77.398724][ T5334] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5334] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5334] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5334] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5334] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5333] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5334] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5334] ftruncate(4, 31 [pid 5333] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... ftruncate resumed>) = 0 [pid 5334] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5334] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5333] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... open resumed>) = 7 [pid 5334] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5334] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5333] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... pwritev2 resumed>) = 20480 [pid 5334] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = 0 [pid 5334] <... futex resumed>) = 1 [pid 5334] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] exit_group(0 [pid 5334] <... futex resumed>) = ? [pid 5333] <... exit_group resumed>) = ? [pid 5334] +++ exited with 0 +++ [pid 5333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5333, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./128/binderfs") = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5335 ./strace-static-x86_64: Process 5335 attached [pid 5335] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5335] chdir("./129") = 0 [pid 5335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5335] setpgid(0, 0) = 0 [pid 5335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5335] write(3, "1000", 4) = 4 [pid 5335] close(3) = 0 [pid 5335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5335] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5335] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5335] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5336], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5336 ./strace-static-x86_64: Process 5336 attached [pid 5335] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] set_robust_list(0x7fa3182639e0, 24 [pid 5335] <... futex resumed>) = 0 [pid 5336] <... set_robust_list resumed>) = 0 [pid 5335] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5336] memfd_create("syzkaller", 0) = 3 [pid 5336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5336] munmap(0x7fa30fe43000, 524288) = 0 [pid 5336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5336] close(3) = 0 [pid 5336] mkdir("./file0", 0777) = 0 [pid 5336] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5336] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5336] chdir("./file0") = 0 [pid 5336] ioctl(4, LOOP_CLR_FD) = 0 [pid 5336] close(4) = 0 [pid 5336] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5336] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5335] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... open resumed>) = 4 [ 77.557707][ T5336] loop0: detected capacity change from 0 to 1024 [ 77.567400][ T5336] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 77.577781][ T5336] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 77.589884][ T5336] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5336] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5336] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5335] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... open resumed>) = 5 [pid 5336] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5336] openat(-1, "/proc/self/exe", O_RDONLY [pid 5335] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... openat resumed>) = 6 [pid 5335] <... futex resumed>) = 0 [pid 5336] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... futex resumed>) = 0 [pid 5335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5336] sendfile(5, 6, NULL, 140737974943952 [pid 5335] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... sendfile resumed>) = 65536 [pid 5336] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 77.614299][ T27] kauditd_printk_skb: 68 callbacks suppressed [ 77.614311][ T27] audit: type=1800 audit(1672320177.395:389): pid=5336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 77.642248][ T27] audit: type=1800 audit(1672320177.415:390): pid=5336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5336] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5336] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] ftruncate(4, 31) = 0 [pid 5336] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5336] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5336] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... futex resumed>) = 0 [pid 5336] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5336] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5335] exit_group(0) = ? [pid 5336] <... futex resumed>) = ? [pid 5336] +++ exited with 0 +++ [pid 5335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5335, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./129/binderfs") = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5337 ./strace-static-x86_64: Process 5337 attached [pid 5337] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5337] chdir("./130") = 0 [pid 5337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5337] setpgid(0, 0) = 0 [pid 5337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5337] write(3, "1000", 4) = 4 [pid 5337] close(3) = 0 [pid 5337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5337] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5337] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5337] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5338], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5338 [pid 5337] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5338 attached [pid 5338] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5338] memfd_create("syzkaller", 0) = 3 [pid 5338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [ 77.708819][ T27] audit: type=1800 audit(1672320177.485:391): pid=5336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5338] munmap(0x7fa30fe43000, 524288) = 0 [pid 5338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5338] close(3) = 0 [pid 5338] mkdir("./file0", 0777) = 0 [pid 5338] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5338] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5338] chdir("./file0") = 0 [pid 5338] ioctl(4, LOOP_CLR_FD) = 0 [pid 5338] close(4) = 0 [pid 5338] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 77.777027][ T5338] loop0: detected capacity change from 0 to 1024 [ 77.787540][ T5338] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 77.798082][ T5338] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 77.810672][ T5338] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5338] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5338] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5338] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5338] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] sendfile(5, 6, NULL, 140737974943952 [pid 5337] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5337] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5337] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa30fea2000 [pid 5337] mprotect(0x7fa30fea3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5337] clone(child_stack=0x7fa30fec23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5339 attached [pid 5339] set_robust_list(0x7fa30fec29e0, 24) = 0 [pid 5339] futex(0x7fa31833d7f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] <... clone resumed>, parent_tid=[5339], tls=0x7fa30fec2700, child_tidptr=0x7fa30fec29d0) = 5339 [pid 5337] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] <... futex resumed>) = 0 [pid 5337] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5338] <... sendfile resumed>) = 65536 [pid 5338] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.834588][ T27] audit: type=1800 audit(1672320177.615:392): pid=5338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 77.855793][ T27] audit: type=1800 audit(1672320177.615:393): pid=5338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5338] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5339] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5339] <... futex resumed>) = 1 [pid 5337] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = 0 [pid 5337] <... futex resumed>) = 1 [pid 5338] ftruncate(4, 31 [pid 5337] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] futex(0x7fa31833d7f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] <... ftruncate resumed>) = 0 [pid 5338] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5338] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5338] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] exit_group(0) = ? [pid 5338] <... futex resumed>) = ? [pid 5338] +++ exited with 0 +++ [pid 5339] <... futex resumed>) = ? [pid 5339] +++ exited with 0 +++ [pid 5337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5337, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./130/binderfs") = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5340 ./strace-static-x86_64: Process 5340 attached [pid 5340] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5340] chdir("./131") = 0 [pid 5340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5340] setpgid(0, 0) = 0 [pid 5340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5340] write(3, "1000", 4) = 4 [pid 5340] close(3) = 0 [pid 5340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5340] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5340] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5340] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5341], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5341 [pid 5340] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5341 attached [pid 5341] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5341] memfd_create("syzkaller", 0) = 3 [pid 5341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [ 77.926804][ T27] audit: type=1800 audit(1672320177.705:394): pid=5338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5341] munmap(0x7fa30fe43000, 524288) = 0 [pid 5341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5341] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5341] close(3) = 0 [pid 5341] mkdir("./file0", 0777) = 0 [pid 5341] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5341] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5341] chdir("./file0") = 0 [pid 5341] ioctl(4, LOOP_CLR_FD) = 0 [pid 5341] close(4) = 0 [pid 5341] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5340] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... futex resumed>) = 0 [ 77.990361][ T5341] loop0: detected capacity change from 0 to 1024 [ 77.999733][ T5341] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 78.010016][ T5341] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 78.022289][ T5341] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5341] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5341] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5340] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... futex resumed>) = 0 [pid 5341] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5341] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... futex resumed>) = 1 [pid 5341] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5341] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... futex resumed>) = 1 [pid 5341] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5341] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5340] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5341] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5341] <... futex resumed>) = 1 [pid 5341] ftruncate(4, 31 [pid 5340] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... ftruncate resumed>) = 0 [pid 5341] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5340] <... futex resumed>) = 0 [pid 5341] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [ 78.035898][ T27] audit: type=1800 audit(1672320177.815:395): pid=5341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 78.057860][ T27] audit: type=1800 audit(1672320177.835:396): pid=5341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5340] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... open resumed>) = 7 [pid 5341] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5340] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... futex resumed>) = 0 [pid 5341] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5341] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5340] exit_group(0) = ? [pid 5341] <... futex resumed>) = ? [pid 5341] +++ exited with 0 +++ [pid 5340] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5340, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./131/binderfs") = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5342 ./strace-static-x86_64: Process 5342 attached [pid 5342] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5342] chdir("./132") = 0 [pid 5342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5342] setpgid(0, 0) = 0 [pid 5342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5342] write(3, "1000", 4) = 4 [pid 5342] close(3) = 0 [pid 5342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5342] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5342] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5342] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5343], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5343 [pid 5342] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5343 attached [pid 5343] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5343] memfd_create("syzkaller", 0) = 3 [pid 5343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5343] munmap(0x7fa30fe43000, 524288) = 0 [pid 5343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 78.119361][ T27] audit: type=1800 audit(1672320177.895:397): pid=5341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5343] close(3) = 0 [pid 5343] mkdir("./file0", 0777) = 0 [pid 5343] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5343] chdir("./file0") = 0 [pid 5343] ioctl(4, LOOP_CLR_FD) = 0 [pid 5343] close(4) = 0 [pid 5343] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 78.180292][ T5343] loop0: detected capacity change from 0 to 1024 [ 78.190287][ T5343] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 78.200804][ T5343] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 78.213725][ T5343] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5343] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5343] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5343] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5343] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5343] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] ftruncate(4, 31) = 0 [pid 5343] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.247357][ T27] audit: type=1800 audit(1672320178.025:398): pid=5343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5342] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5343] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... pwritev2 resumed>) = 20480 [pid 5343] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5343] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] exit_group(0) = ? [pid 5343] <... futex resumed>) = ? [pid 5343] +++ exited with 0 +++ [pid 5342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5342, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./132/binderfs") = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5344 ./strace-static-x86_64: Process 5344 attached [pid 5344] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5344] chdir("./133") = 0 [pid 5344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5344] setpgid(0, 0) = 0 [pid 5344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5344] write(3, "1000", 4) = 4 [pid 5344] close(3) = 0 [pid 5344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5344] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5344] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5345 attached [pid 5345] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5345] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... clone resumed>, parent_tid=[5345], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5345 [pid 5344] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5344] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5345] memfd_create("syzkaller", 0) = 3 [pid 5345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5345] munmap(0x7fa30fe43000, 524288) = 0 [pid 5345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5345] close(3) = 0 [pid 5345] mkdir("./file0", 0777) = 0 [pid 5345] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5345] chdir("./file0") = 0 [pid 5345] ioctl(4, LOOP_CLR_FD) = 0 [pid 5345] close(4) = 0 [pid 5345] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... futex resumed>) = 1 [pid 5345] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5345] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] <... futex resumed>) = 1 [pid 5344] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5345] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] <... futex resumed>) = 1 [pid 5344] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5345] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5345] sendfile(5, 6, NULL, 140737974943952 [pid 5344] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.369752][ T5345] loop0: detected capacity change from 0 to 1024 [ 78.379766][ T5345] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 78.390124][ T5345] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 78.401551][ T5345] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5344] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... sendfile resumed>) = 65536 [pid 5345] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5345] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5345] <... futex resumed>) = 1 [pid 5344] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] ftruncate(4, 31 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... ftruncate resumed>) = 0 [pid 5345] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5345] <... futex resumed>) = 1 [pid 5345] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5344] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... open resumed>) = 7 [pid 5345] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5345] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5345] <... futex resumed>) = 1 [pid 5345] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] exit_group(0 [pid 5345] <... futex resumed>) = ? [pid 5344] <... exit_group resumed>) = ? [pid 5345] +++ exited with 0 +++ [pid 5344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5344, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./133/binderfs") = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5346 ./strace-static-x86_64: Process 5346 attached [pid 5346] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5346] chdir("./134") = 0 [pid 5346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5346] setpgid(0, 0) = 0 [pid 5346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5346] write(3, "1000", 4) = 4 [pid 5346] close(3) = 0 [pid 5346] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5346] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5346] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5346] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5347 attached , parent_tid=[5347], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5347 [pid 5347] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5347] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5346] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5347] memfd_create("syzkaller", 0) = 3 [pid 5347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5347] munmap(0x7fa30fe43000, 524288) = 0 [pid 5347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5347] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5347] close(3) = 0 [pid 5347] mkdir("./file0", 0777) = 0 [pid 5347] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5347] chdir("./file0") = 0 [pid 5347] ioctl(4, LOOP_CLR_FD) = 0 [pid 5347] close(4) = 0 [pid 5347] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... futex resumed>) = 0 [pid 5347] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5347] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... futex resumed>) = 1 [pid 5347] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5347] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... futex resumed>) = 1 [pid 5347] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5347] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... futex resumed>) = 0 [ 78.562885][ T5347] loop0: detected capacity change from 0 to 1024 [ 78.572429][ T5347] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 78.583197][ T5347] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 78.595539][ T5347] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5347] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5347] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5347] <... futex resumed>) = 1 [pid 5346] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5347] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] ftruncate(4, 31 [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... ftruncate resumed>) = 0 [pid 5347] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] <... futex resumed>) = 0 [pid 5347] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5346] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... open resumed>) = 7 [pid 5346] <... futex resumed>) = 0 [pid 5347] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... futex resumed>) = 0 [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5347] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5346] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... pwritev2 resumed>) = 20480 [pid 5347] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] <... futex resumed>) = 0 [pid 5347] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] exit_group(0 [pid 5347] <... futex resumed>) = ? [pid 5346] <... exit_group resumed>) = ? [pid 5347] +++ exited with 0 +++ [pid 5346] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5346, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./134/binderfs") = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5348 ./strace-static-x86_64: Process 5348 attached [pid 5348] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5348] chdir("./135") = 0 [pid 5348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5348] setpgid(0, 0) = 0 [pid 5348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5348] write(3, "1000", 4) = 4 [pid 5348] close(3) = 0 [pid 5348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5348] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5348] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5348] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5349 attached , parent_tid=[5349], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5349 [pid 5349] set_robust_list(0x7fa3182639e0, 24 [pid 5348] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5349] <... set_robust_list resumed>) = 0 [pid 5349] memfd_create("syzkaller", 0) = 3 [pid 5349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5349] munmap(0x7fa30fe43000, 524288) = 0 [pid 5349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5349] close(3) = 0 [pid 5349] mkdir("./file0", 0777) = 0 [pid 5349] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5349] chdir("./file0") = 0 [pid 5349] ioctl(4, LOOP_CLR_FD) = 0 [pid 5349] close(4) = 0 [pid 5349] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = 0 [pid 5348] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... futex resumed>) = 1 [pid 5349] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5349] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = 0 [pid 5348] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... futex resumed>) = 1 [pid 5349] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5349] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = 0 [pid 5348] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... futex resumed>) = 1 [pid 5349] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5349] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = 0 [pid 5348] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... futex resumed>) = 1 [ 78.750953][ T5349] loop0: detected capacity change from 0 to 1024 [ 78.760075][ T5349] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 78.770765][ T5349] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 78.782484][ T5349] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5349] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5349] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = 0 [pid 5348] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... futex resumed>) = 1 [pid 5349] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5349] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] <... futex resumed>) = 0 [pid 5348] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] ftruncate(4, 31) = 0 [pid 5349] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] <... futex resumed>) = 0 [pid 5348] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5348] <... futex resumed>) = 1 [pid 5349] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5348] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... open resumed>) = 7 [pid 5349] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] <... futex resumed>) = 0 [pid 5348] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... futex resumed>) = 0 [pid 5349] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5349] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] <... futex resumed>) = 0 [pid 5349] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] exit_group(0) = ? [pid 5349] <... futex resumed>) = ? [pid 5349] +++ exited with 0 +++ [pid 5348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5348, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./135/binderfs") = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5350 ./strace-static-x86_64: Process 5350 attached [pid 5350] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5350] chdir("./136") = 0 [pid 5350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5350] setpgid(0, 0) = 0 [pid 5350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5350] write(3, "1000", 4) = 4 [pid 5350] close(3) = 0 [pid 5350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5350] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5350] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5350] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5351 attached , parent_tid=[5351], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5351 [pid 5350] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5351] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5351] memfd_create("syzkaller", 0) = 3 [pid 5351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5351] munmap(0x7fa30fe43000, 524288) = 0 [pid 5351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5351] close(3) = 0 [pid 5351] mkdir("./file0", 0777) = 0 [pid 5351] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5351] chdir("./file0") = 0 [pid 5351] ioctl(4, LOOP_CLR_FD) = 0 [pid 5351] close(4) = 0 [pid 5351] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5351] <... futex resumed>) = 1 [pid 5350] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... open resumed>) = 4 [pid 5351] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5351] <... futex resumed>) = 1 [pid 5350] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... open resumed>) = 5 [pid 5351] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... futex resumed>) = 1 [pid 5351] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5351] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... futex resumed>) = 1 [ 78.906349][ T5351] loop0: detected capacity change from 0 to 1024 [ 78.916728][ T5351] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 78.926977][ T5351] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 78.938678][ T5351] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5351] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5351] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5351] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... futex resumed>) = 1 [pid 5351] ftruncate(4, 31) = 0 [pid 5351] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... futex resumed>) = 1 [pid 5351] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5351] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... futex resumed>) = 1 [pid 5351] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5351] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5351] <... futex resumed>) = 1 [pid 5350] exit_group(0) = ? [pid 5351] +++ exited with 0 +++ [pid 5350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5350, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./136/binderfs") = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5352 attached [pid 5352] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5352] chdir("./137") = 0 [pid 5352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5352] setpgid(0, 0) = 0 [pid 5352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... clone resumed>, child_tidptr=0x55555702f5d0) = 5352 [pid 5352] <... openat resumed>) = 3 [pid 5352] write(3, "1000", 4) = 4 [pid 5352] close(3) = 0 [pid 5352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5352] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5352] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5352] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5353 attached , parent_tid=[5353], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5353 [pid 5352] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] set_robust_list(0x7fa3182639e0, 24 [pid 5352] <... futex resumed>) = 0 [pid 5352] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5353] <... set_robust_list resumed>) = 0 [pid 5353] memfd_create("syzkaller", 0) = 3 [pid 5353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5353] munmap(0x7fa30fe43000, 524288) = 0 [pid 5353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5353] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5353] close(3) = 0 [pid 5353] mkdir("./file0", 0777) = 0 [pid 5353] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5353] chdir("./file0") = 0 [pid 5353] ioctl(4, LOOP_CLR_FD) = 0 [pid 5353] close(4) = 0 [pid 5353] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5352] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... futex resumed>) = 1 [pid 5353] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5353] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5352] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... futex resumed>) = 1 [pid 5353] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5353] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5352] <... futex resumed>) = 0 [pid 5352] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... futex resumed>) = 0 [pid 5353] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5353] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5352] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... futex resumed>) = 1 [ 79.088510][ T5353] loop0: detected capacity change from 0 to 1024 [ 79.098289][ T5353] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 79.108931][ T5353] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 79.120740][ T5353] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5353] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5353] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] <... futex resumed>) = 0 [pid 5353] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5352] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5352] <... futex resumed>) = 0 [pid 5353] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5352] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5353] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] <... futex resumed>) = 0 [pid 5352] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] ftruncate(4, 31 [pid 5352] <... futex resumed>) = 0 [pid 5352] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... ftruncate resumed>) = 0 [pid 5353] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5352] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... futex resumed>) = 1 [pid 5353] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5353] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5352] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... futex resumed>) = 1 [pid 5352] <... futex resumed>) = 0 [pid 5353] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5352] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... pwritev2 resumed>) = 20480 [pid 5353] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] <... futex resumed>) = 0 [pid 5353] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5352] exit_group(0 [pid 5353] <... futex resumed>) = ? [pid 5352] <... exit_group resumed>) = ? [pid 5353] +++ exited with 0 +++ [pid 5352] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5352, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./137/binderfs") = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5354 ./strace-static-x86_64: Process 5354 attached [pid 5354] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5354] chdir("./138") = 0 [pid 5354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5354] setpgid(0, 0) = 0 [pid 5354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5354] write(3, "1000", 4) = 4 [pid 5354] close(3) = 0 [pid 5354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5354] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5354] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5354] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5355], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5355 [pid 5354] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5355 attached [pid 5355] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5355] memfd_create("syzkaller", 0) = 3 [pid 5355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5355] munmap(0x7fa30fe43000, 524288) = 0 [pid 5355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5355] close(3) = 0 [pid 5355] mkdir("./file0", 0777) = 0 [pid 5355] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5355] chdir("./file0") = 0 [pid 5355] ioctl(4, LOOP_CLR_FD) = 0 [pid 5355] close(4) = 0 [pid 5355] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = 0 [pid 5354] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... futex resumed>) = 1 [pid 5355] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5355] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = 0 [pid 5354] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... futex resumed>) = 1 [pid 5355] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5355] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = 0 [pid 5354] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... futex resumed>) = 1 [pid 5355] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5355] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] <... futex resumed>) = 0 [pid 5354] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] sendfile(5, 6, NULL, 140737974943952 [pid 5354] <... futex resumed>) = 0 [ 79.286827][ T5355] loop0: detected capacity change from 0 to 1024 [ 79.296521][ T5355] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 79.306735][ T5355] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 79.318793][ T5355] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5354] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... sendfile resumed>) = 65536 [pid 5355] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] <... futex resumed>) = 0 [pid 5354] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5354] <... futex resumed>) = 0 [pid 5354] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5355] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] <... futex resumed>) = 0 [pid 5355] ftruncate(4, 31 [pid 5354] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... ftruncate resumed>) = 0 [pid 5355] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] <... futex resumed>) = 0 [pid 5355] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5354] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... open resumed>) = 7 [pid 5355] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] <... futex resumed>) = 0 [pid 5355] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5354] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... pwritev2 resumed>) = 20480 [pid 5355] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = 0 [pid 5355] <... futex resumed>) = 1 [pid 5354] exit_group(0 [pid 5355] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] <... exit_group resumed>) = ? [pid 5355] <... futex resumed>) = ? [pid 5355] +++ exited with 0 +++ [pid 5354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5354, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./138/binderfs") = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5356 ./strace-static-x86_64: Process 5356 attached [pid 5356] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5356] chdir("./139") = 0 [pid 5356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5356] setpgid(0, 0) = 0 [pid 5356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5356] write(3, "1000", 4) = 4 [pid 5356] close(3) = 0 [pid 5356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5356] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5356] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5356] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5357 attached , parent_tid=[5357], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5357 [pid 5356] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5357] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5357] memfd_create("syzkaller", 0) = 3 [pid 5357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5357] munmap(0x7fa30fe43000, 524288) = 0 [pid 5357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5357] close(3) = 0 [pid 5357] mkdir("./file0", 0777) = 0 [pid 5357] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5357] chdir("./file0") = 0 [pid 5357] ioctl(4, LOOP_CLR_FD) = 0 [pid 5357] close(4) = 0 [pid 5357] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... futex resumed>) = 1 [pid 5357] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5357] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... futex resumed>) = 1 [pid 5357] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5357] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... futex resumed>) = 1 [pid 5357] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5357] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... futex resumed>) = 1 [ 79.499131][ T5357] loop0: detected capacity change from 0 to 1024 [ 79.508601][ T5357] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 79.518881][ T5357] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 79.531107][ T5357] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5357] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5357] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... futex resumed>) = 1 [pid 5357] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5357] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... futex resumed>) = 1 [pid 5357] ftruncate(4, 31) = 0 [pid 5357] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... futex resumed>) = 1 [pid 5357] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5357] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... futex resumed>) = 1 [pid 5357] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5357] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5357] <... futex resumed>) = 1 [pid 5356] exit_group(0) = ? [pid 5357] +++ exited with 0 +++ [pid 5356] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5356, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./139/binderfs") = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5358 ./strace-static-x86_64: Process 5358 attached [pid 5358] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5358] chdir("./140") = 0 [pid 5358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5358] setpgid(0, 0) = 0 [pid 5358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5358] write(3, "1000", 4) = 4 [pid 5358] close(3) = 0 [pid 5358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5358] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5358] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5358] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5359], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5359 [pid 5358] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5359 attached [pid 5359] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5359] memfd_create("syzkaller", 0) = 3 [pid 5359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5359] munmap(0x7fa30fe43000, 524288) = 0 [pid 5359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5359] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5359] close(3) = 0 [pid 5359] mkdir("./file0", 0777) = 0 [pid 5359] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5359] chdir("./file0") = 0 [pid 5359] ioctl(4, LOOP_CLR_FD) = 0 [pid 5359] close(4) = 0 [pid 5359] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 1 [pid 5359] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5359] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 1 [pid 5359] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5359] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] <... futex resumed>) = 1 [pid 5358] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5359] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5359] sendfile(5, 6, NULL, 140737974943952 [pid 5358] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 79.672954][ T5359] loop0: detected capacity change from 0 to 1024 [ 79.682845][ T5359] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 79.693285][ T5359] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 79.705683][ T5359] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5358] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... sendfile resumed>) = 65536 [pid 5359] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 0 [pid 5359] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5359] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5359] <... futex resumed>) = 1 [pid 5359] ftruncate(4, 31 [pid 5358] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... ftruncate resumed>) = 0 [pid 5359] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5359] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5359] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5358] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... pwritev2 resumed>) = 20480 [pid 5359] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5359] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] exit_group(0) = ? [pid 5359] <... futex resumed>) = ? [pid 5359] +++ exited with 0 +++ [pid 5358] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5358, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./140/binderfs") = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5360 ./strace-static-x86_64: Process 5360 attached [pid 5360] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5360] chdir("./141") = 0 [pid 5360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5360] setpgid(0, 0) = 0 [pid 5360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5360] write(3, "1000", 4) = 4 [pid 5360] close(3) = 0 [pid 5360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5360] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5360] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5360] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5361 attached , parent_tid=[5361], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5361 [pid 5360] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5361] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5361] memfd_create("syzkaller", 0) = 3 [pid 5361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5361] munmap(0x7fa30fe43000, 524288) = 0 [pid 5361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5361] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5361] close(3) = 0 [pid 5361] mkdir("./file0", 0777) = 0 [pid 5361] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5361] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5361] chdir("./file0") = 0 [pid 5361] ioctl(4, LOOP_CLR_FD) = 0 [pid 5361] close(4) = 0 [pid 5361] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5361] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5360] <... futex resumed>) = 0 [pid 5361] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5360] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... open resumed>) = 4 [pid 5361] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5361] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5360] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5361] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5361] openat(-1, "/proc/self/exe", O_RDONLY [pid 5360] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... openat resumed>) = 6 [pid 5360] <... futex resumed>) = 0 [pid 5361] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... futex resumed>) = 0 [pid 5360] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5361] sendfile(5, 6, NULL, 140737974943952 [pid 5360] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 79.875499][ T5361] loop0: detected capacity change from 0 to 1024 [ 79.885570][ T5361] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 79.895780][ T5361] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 79.908475][ T5361] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5360] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... sendfile resumed>) = 65536 [pid 5361] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5361] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5361] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5361] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5361] ftruncate(4, 31 [pid 5360] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... ftruncate resumed>) = 0 [pid 5361] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5360] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5361] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5361] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5360] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... pwritev2 resumed>) = 20480 [pid 5361] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] <... futex resumed>) = 0 [pid 5360] exit_group(0) = ? [pid 5361] <... futex resumed>) = ? [pid 5361] +++ exited with 0 +++ [pid 5360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5360, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./141/binderfs") = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5362 ./strace-static-x86_64: Process 5362 attached [pid 5362] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5362] chdir("./142") = 0 [pid 5362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5362] setpgid(0, 0) = 0 [pid 5362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5362] write(3, "1000", 4) = 4 [pid 5362] close(3) = 0 [pid 5362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5362] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5362] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5362] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5363], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5363 [pid 5362] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5363 attached [pid 5363] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5363] memfd_create("syzkaller", 0) = 3 [pid 5363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5363] munmap(0x7fa30fe43000, 524288) = 0 [pid 5363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5363] close(3) = 0 [pid 5363] mkdir("./file0", 0777) = 0 [pid 5363] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5363] chdir("./file0") = 0 [pid 5363] ioctl(4, LOOP_CLR_FD) = 0 [pid 5363] close(4) = 0 [pid 5363] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... futex resumed>) = 1 [pid 5363] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5363] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... futex resumed>) = 1 [pid 5363] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5363] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... futex resumed>) = 1 [pid 5363] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5363] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5363] sendfile(5, 6, NULL, 140737974943952 [pid 5362] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 80.050868][ T5363] loop0: detected capacity change from 0 to 1024 [ 80.060434][ T5363] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 80.071209][ T5363] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 80.083395][ T5363] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5362] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... sendfile resumed>) = 65536 [pid 5363] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5363] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5363] <... futex resumed>) = 0 [pid 5363] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5362] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5363] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] ftruncate(4, 31 [pid 5362] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... ftruncate resumed>) = 0 [pid 5363] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... open resumed>) = 7 [pid 5363] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... pwritev2 resumed>) = 20480 [pid 5363] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5362] exit_group(0 [pid 5363] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5362] <... exit_group resumed>) = ? [pid 5363] +++ exited with 0 +++ [pid 5362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5362, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./142/binderfs") = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5364 ./strace-static-x86_64: Process 5364 attached [pid 5364] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5364] chdir("./143") = 0 [pid 5364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5364] setpgid(0, 0) = 0 [pid 5364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5364] write(3, "1000", 4) = 4 [pid 5364] close(3) = 0 [pid 5364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5364] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5364] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5364] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5365 attached , parent_tid=[5365], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5365 [pid 5365] set_robust_list(0x7fa3182639e0, 24 [pid 5364] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... set_robust_list resumed>) = 0 [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5365] memfd_create("syzkaller", 0) = 3 [pid 5365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5365] munmap(0x7fa30fe43000, 524288) = 0 [pid 5365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5365] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5365] close(3) = 0 [pid 5365] mkdir("./file0", 0777) = 0 [pid 5365] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5365] chdir("./file0") = 0 [pid 5365] ioctl(4, LOOP_CLR_FD) = 0 [pid 5365] close(4) = 0 [pid 5365] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... futex resumed>) = 1 [pid 5365] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5365] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... futex resumed>) = 1 [pid 5365] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5365] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... futex resumed>) = 1 [pid 5365] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5365] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 80.242060][ T5365] loop0: detected capacity change from 0 to 1024 [ 80.252070][ T5365] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 80.263443][ T5365] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 80.275051][ T5365] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5365] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5365] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... futex resumed>) = 1 [pid 5365] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5365] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5364] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] ftruncate(4, 31) = 0 [pid 5365] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5365] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5364] <... futex resumed>) = 0 [pid 5365] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5364] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... open resumed>) = 7 [pid 5365] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5365] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5365] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] exit_group(0) = ? [pid 5365] <... futex resumed>) = ? [pid 5365] +++ exited with 0 +++ [pid 5364] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5364, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./143/binderfs") = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5366 ./strace-static-x86_64: Process 5366 attached [pid 5366] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5366] chdir("./144") = 0 [pid 5366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5366] setpgid(0, 0) = 0 [pid 5366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5366] write(3, "1000", 4) = 4 [pid 5366] close(3) = 0 [pid 5366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5366] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5366] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5366] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5367 attached , parent_tid=[5367], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5367 [pid 5366] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5367] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5367] memfd_create("syzkaller", 0) = 3 [pid 5367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5367] munmap(0x7fa30fe43000, 524288) = 0 [pid 5367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5367] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5367] close(3) = 0 [pid 5367] mkdir("./file0", 0777) = 0 [pid 5367] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5367] chdir("./file0") = 0 [pid 5367] ioctl(4, LOOP_CLR_FD) = 0 [pid 5367] close(4) = 0 [pid 5367] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] <... futex resumed>) = 0 [pid 5367] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5366] <... futex resumed>) = 0 [pid 5367] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5366] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] <... open resumed>) = 4 [pid 5367] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5367] <... futex resumed>) = 0 [pid 5366] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5366] <... futex resumed>) = 0 [pid 5366] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] <... open resumed>) = 5 [pid 5367] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] <... futex resumed>) = 0 [pid 5367] openat(-1, "/proc/self/exe", O_RDONLY [pid 5366] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... openat resumed>) = 6 [pid 5366] <... futex resumed>) = 0 [pid 5366] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5366] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... futex resumed>) = 0 [pid 5366] <... futex resumed>) = 0 [pid 5367] sendfile(5, 6, NULL, 140737974943952 [ 80.416864][ T5367] loop0: detected capacity change from 0 to 1024 [ 80.426615][ T5367] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 80.437082][ T5367] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 80.448834][ T5367] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5366] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] <... sendfile resumed>) = 65536 [pid 5367] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] <... futex resumed>) = 0 [pid 5367] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5366] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5367] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] <... futex resumed>) = 0 [pid 5366] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] ftruncate(4, 31 [pid 5366] <... futex resumed>) = 0 [pid 5366] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] <... ftruncate resumed>) = 0 [pid 5367] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] <... futex resumed>) = 0 [pid 5366] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5366] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5367] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] <... futex resumed>) = 0 [pid 5366] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5367] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] <... futex resumed>) = 0 [pid 5366] exit_group(0) = ? [pid 5367] +++ exited with 0 +++ [pid 5366] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5366, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./144/binderfs") = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5368 ./strace-static-x86_64: Process 5368 attached [pid 5368] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5368] chdir("./145") = 0 [pid 5368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5368] setpgid(0, 0) = 0 [pid 5368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5368] write(3, "1000", 4) = 4 [pid 5368] close(3) = 0 [pid 5368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5368] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5368] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5369 attached [pid 5369] set_robust_list(0x7fa3182639e0, 24 [pid 5368] <... clone resumed>, parent_tid=[5369], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5369 [pid 5369] <... set_robust_list resumed>) = 0 [pid 5368] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5369] memfd_create("syzkaller", 0) = 3 [pid 5369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5369] munmap(0x7fa30fe43000, 524288) = 0 [pid 5369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5369] close(3) = 0 [pid 5369] mkdir("./file0", 0777) = 0 [pid 5369] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5369] chdir("./file0") = 0 [pid 5369] ioctl(4, LOOP_CLR_FD) = 0 [pid 5369] close(4) = 0 [pid 5369] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = 0 [pid 5368] <... futex resumed>) = 1 [pid 5369] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5368] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... open resumed>) = 4 [pid 5369] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5368] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] <... open resumed>) = 5 [pid 5369] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = 0 [pid 5368] <... futex resumed>) = 1 [pid 5369] openat(-1, "/proc/self/exe", O_RDONLY [pid 5368] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... openat resumed>) = 6 [pid 5369] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] sendfile(5, 6, NULL, 140737974943952 [pid 5368] <... futex resumed>) = 0 [ 80.580314][ T5369] loop0: detected capacity change from 0 to 1024 [ 80.589461][ T5369] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 80.600083][ T5369] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 80.612239][ T5369] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5368] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... sendfile resumed>) = 65536 [pid 5369] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... futex resumed>) = 1 [pid 5369] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5369] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] ftruncate(4, 31) = 0 [pid 5369] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5369] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5369] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] exit_group(0) = ? [pid 5369] +++ exited with 0 +++ [pid 5368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5368, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./145/binderfs") = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5370 ./strace-static-x86_64: Process 5370 attached [pid 5370] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5370] chdir("./146") = 0 [pid 5370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5370] setpgid(0, 0) = 0 [pid 5370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5370] write(3, "1000", 4) = 4 [pid 5370] close(3) = 0 [pid 5370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5370] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5370] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5370] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5371 attached [pid 5371] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5371] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5370] <... clone resumed>, parent_tid=[5371], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5371 [pid 5370] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5370] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5371] memfd_create("syzkaller", 0) = 3 [pid 5371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5371] munmap(0x7fa30fe43000, 524288) = 0 [pid 5371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5371] close(3) = 0 [pid 5371] mkdir("./file0", 0777) = 0 [pid 5371] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5371] chdir("./file0") = 0 [pid 5371] ioctl(4, LOOP_CLR_FD) = 0 [pid 5371] close(4) = 0 [pid 5371] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... futex resumed>) = 1 [pid 5371] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5371] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... futex resumed>) = 1 [pid 5371] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5371] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... futex resumed>) = 1 [pid 5371] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5371] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... futex resumed>) = 1 [ 80.767621][ T5371] loop0: detected capacity change from 0 to 1024 [ 80.778090][ T5371] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 80.788382][ T5371] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 80.800590][ T5371] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5371] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5370] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5370] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5370] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5370] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa30fea2000 [pid 5370] mprotect(0x7fa30fea3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5370] clone(child_stack=0x7fa30fec23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5372], tls=0x7fa30fec2700, child_tidptr=0x7fa30fec29d0) = 5372 [pid 5370] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5372 attached [pid 5372] set_robust_list(0x7fa30fec29e0, 24) = 0 [pid 5372] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5371] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5372] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... futex resumed>) = 0 [pid 5371] ftruncate(4, 31) = 0 [pid 5371] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... futex resumed>) = 1 [pid 5371] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5371] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... futex resumed>) = 1 [pid 5371] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5372] futex(0x7fa31833d7f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... pwritev2 resumed>) = 20480 [pid 5371] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5370] exit_group(0 [pid 5372] <... futex resumed>) = ? [pid 5370] <... exit_group resumed>) = ? [pid 5372] +++ exited with 0 +++ [pid 5371] +++ exited with 0 +++ [pid 5370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5370, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./146/binderfs") = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5373 ./strace-static-x86_64: Process 5373 attached [pid 5373] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5373] chdir("./147") = 0 [pid 5373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5373] setpgid(0, 0) = 0 [pid 5373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5373] write(3, "1000", 4) = 4 [pid 5373] close(3) = 0 [pid 5373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5373] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5373] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5373] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5374 attached [pid 5374] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5374] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] <... clone resumed>, parent_tid=[5374], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5374 [pid 5373] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5373] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5374] memfd_create("syzkaller", 0) = 3 [pid 5374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5374] munmap(0x7fa30fe43000, 524288) = 0 [pid 5374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5374] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5374] close(3) = 0 [pid 5374] mkdir("./file0", 0777) = 0 [pid 5374] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5374] chdir("./file0") = 0 [pid 5374] ioctl(4, LOOP_CLR_FD) = 0 [pid 5374] close(4) = 0 [pid 5374] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... futex resumed>) = 1 [pid 5374] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5374] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... futex resumed>) = 1 [pid 5374] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5374] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... futex resumed>) = 1 [pid 5374] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5374] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... futex resumed>) = 1 [ 80.972470][ T5374] loop0: detected capacity change from 0 to 1024 [ 80.982411][ T5374] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 80.992762][ T5374] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 81.004443][ T5374] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5374] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5374] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... futex resumed>) = 1 [pid 5374] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5374] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] ftruncate(4, 31 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... ftruncate resumed>) = 0 [pid 5374] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... futex resumed>) = 1 [pid 5374] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5373] <... futex resumed>) = 0 [pid 5374] <... open resumed>) = 7 [pid 5373] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5373] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5373] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5374] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] <... futex resumed>) = 0 [pid 5373] exit_group(0 [pid 5374] <... futex resumed>) = ? [pid 5373] <... exit_group resumed>) = ? [pid 5374] +++ exited with 0 +++ [pid 5373] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5373, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./147/binderfs") = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5375 ./strace-static-x86_64: Process 5375 attached [pid 5375] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5375] chdir("./148") = 0 [pid 5375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5375] setpgid(0, 0) = 0 [pid 5375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5375] write(3, "1000", 4) = 4 [pid 5375] close(3) = 0 [pid 5375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5375] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5375] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5375] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5376 attached , parent_tid=[5376], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5376 [pid 5375] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] set_robust_list(0x7fa3182639e0, 24 [pid 5375] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5376] <... set_robust_list resumed>) = 0 [pid 5376] memfd_create("syzkaller", 0) = 3 [pid 5376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5376] munmap(0x7fa30fe43000, 524288) = 0 [pid 5376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5376] close(3) = 0 [pid 5376] mkdir("./file0", 0777) = 0 [pid 5376] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5376] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5376] chdir("./file0") = 0 [pid 5376] ioctl(4, LOOP_CLR_FD) = 0 [pid 5376] close(4) = 0 [pid 5376] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5376] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5375] <... futex resumed>) = 0 [pid 5375] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] <... futex resumed>) = 0 [pid 5375] <... futex resumed>) = 1 [pid 5376] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5375] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] <... open resumed>) = 4 [pid 5376] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] <... futex resumed>) = 0 [pid 5376] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5375] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] <... open resumed>) = 5 [pid 5375] <... futex resumed>) = 0 [pid 5375] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] <... futex resumed>) = 0 [pid 5376] openat(-1, "/proc/self/exe", O_RDONLY [pid 5375] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] <... openat resumed>) = 6 [pid 5375] <... futex resumed>) = 0 [pid 5375] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] <... futex resumed>) = 0 [pid 5376] sendfile(5, 6, NULL, 140737974943952 [pid 5375] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.163652][ T5376] loop0: detected capacity change from 0 to 1024 [ 81.172527][ T5376] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 81.183064][ T5376] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 81.195258][ T5376] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5375] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] <... sendfile resumed>) = 65536 [pid 5376] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = 0 [pid 5375] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5375] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] <... futex resumed>) = 1 [pid 5376] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5376] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] <... futex resumed>) = 0 [pid 5376] ftruncate(4, 31 [pid 5375] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5375] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] <... ftruncate resumed>) = 0 [pid 5376] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] <... futex resumed>) = 0 [pid 5376] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5375] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5375] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] <... open resumed>) = 7 [pid 5376] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] <... futex resumed>) = 0 [pid 5375] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5375] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5376] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] <... futex resumed>) = 0 [pid 5376] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5375] exit_group(0) = ? [pid 5376] <... futex resumed>) = ? [pid 5376] +++ exited with 0 +++ [pid 5375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5375, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./148/binderfs") = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5377 ./strace-static-x86_64: Process 5377 attached [pid 5377] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5377] chdir("./149") = 0 [pid 5377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5377] setpgid(0, 0) = 0 [pid 5377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5377] write(3, "1000", 4) = 4 [pid 5377] close(3) = 0 [pid 5377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5377] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5377] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5377] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5378 attached , parent_tid=[5378], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5378 [pid 5378] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5378] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] <... futex resumed>) = 0 [pid 5377] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5378] memfd_create("syzkaller", 0) = 3 [pid 5378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5378] munmap(0x7fa30fe43000, 524288) = 0 [pid 5378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5378] close(3) = 0 [pid 5378] mkdir("./file0", 0777) = 0 [pid 5378] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5378] chdir("./file0") = 0 [pid 5378] ioctl(4, LOOP_CLR_FD) = 0 [pid 5378] close(4) = 0 [pid 5378] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... futex resumed>) = 0 [pid 5378] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5378] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] <... futex resumed>) = 1 [pid 5377] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5378] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... futex resumed>) = 1 [pid 5378] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5378] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5378] sendfile(5, 6, NULL, 140737974943952 [pid 5377] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.350418][ T5378] loop0: detected capacity change from 0 to 1024 [ 81.360882][ T5378] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 81.371277][ T5378] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 81.383288][ T5378] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5377] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... sendfile resumed>) = 65536 [pid 5378] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5378] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5377] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5378] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... futex resumed>) = 1 [pid 5378] ftruncate(4, 31) = 0 [pid 5378] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... futex resumed>) = 1 [pid 5378] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5378] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... futex resumed>) = 1 [pid 5378] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5378] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] exit_group(0) = ? [pid 5378] <... futex resumed>) = ? [pid 5378] +++ exited with 0 +++ [pid 5377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5377, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./149/binderfs") = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5379 ./strace-static-x86_64: Process 5379 attached [pid 5379] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5379] chdir("./150") = 0 [pid 5379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5379] setpgid(0, 0) = 0 [pid 5379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5379] write(3, "1000", 4) = 4 [pid 5379] close(3) = 0 [pid 5379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5379] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5379] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5379] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5380 attached , parent_tid=[5380], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5380 [pid 5379] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5380] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5380] memfd_create("syzkaller", 0) = 3 [pid 5380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5380] munmap(0x7fa30fe43000, 524288) = 0 [pid 5380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5380] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5380] close(3) = 0 [pid 5380] mkdir("./file0", 0777) = 0 [pid 5380] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5380] chdir("./file0") = 0 [pid 5380] ioctl(4, LOOP_CLR_FD) = 0 [pid 5380] close(4) = 0 [pid 5380] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 0 [pid 5380] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5380] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [pid 5380] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5380] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 0 [pid 5380] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5380] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5380] sendfile(5, 6, NULL, 140737974943952 [pid 5379] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.504345][ T5380] loop0: detected capacity change from 0 to 1024 [ 81.514501][ T5380] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 81.525002][ T5380] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 81.536958][ T5380] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5379] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... sendfile resumed>) = 65536 [pid 5380] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5379] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5380] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [pid 5380] ftruncate(4, 31) = 0 [pid 5380] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5380] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5379] <... futex resumed>) = 0 [pid 5380] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5379] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... open resumed>) = 7 [pid 5380] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5380] <... futex resumed>) = 1 [pid 5380] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5379] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... pwritev2 resumed>) = 20480 [pid 5380] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5380] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] exit_group(0 [pid 5380] <... futex resumed>) = ? [pid 5379] <... exit_group resumed>) = ? [pid 5380] +++ exited with 0 +++ [pid 5379] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5379, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./150/binderfs") = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./150/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5381 ./strace-static-x86_64: Process 5381 attached [pid 5381] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5381] chdir("./151") = 0 [pid 5381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5381] setpgid(0, 0) = 0 [pid 5381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5381] write(3, "1000", 4) = 4 [pid 5381] close(3) = 0 [pid 5381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5381] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5381] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5381] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5382 attached , parent_tid=[5382], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5382 [pid 5382] set_robust_list(0x7fa3182639e0, 24 [pid 5381] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... set_robust_list resumed>) = 0 [pid 5381] <... futex resumed>) = 0 [pid 5382] memfd_create("syzkaller", 0 [pid 5381] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5382] <... memfd_create resumed>) = 3 [pid 5382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5382] munmap(0x7fa30fe43000, 524288) = 0 [pid 5382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5382] close(3) = 0 [pid 5382] mkdir("./file0", 0777) = 0 [pid 5382] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5382] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5382] chdir("./file0") = 0 [pid 5382] ioctl(4, LOOP_CLR_FD) = 0 [pid 5382] close(4) = 0 [pid 5382] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] <... futex resumed>) = 0 [pid 5382] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5382] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5382] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5381] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] <... open resumed>) = 5 [pid 5381] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] openat(-1, "/proc/self/exe", O_RDONLY [pid 5381] <... futex resumed>) = 0 [pid 5382] <... openat resumed>) = 6 [pid 5381] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5382] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5381] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 81.700281][ T5382] loop0: detected capacity change from 0 to 1024 [ 81.709885][ T5382] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 81.720534][ T5382] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 81.732637][ T5382] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5382] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5382] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5382] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] ftruncate(4, 31 [pid 5381] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] <... ftruncate resumed>) = 0 [pid 5382] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5382] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5381] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] <... open resumed>) = 7 [pid 5382] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] <... pwritev2 resumed>) = 20480 [pid 5382] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] <... futex resumed>) = 0 [pid 5381] exit_group(0) = ? [pid 5382] <... futex resumed>) = ? [pid 5382] +++ exited with 0 +++ [pid 5381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5381, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./151/binderfs") = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./151/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5383 ./strace-static-x86_64: Process 5383 attached [pid 5383] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5383] chdir("./152") = 0 [pid 5383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5383] setpgid(0, 0) = 0 [pid 5383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5383] write(3, "1000", 4) = 4 [pid 5383] close(3) = 0 [pid 5383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5383] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5383] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5383] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5384 attached [pid 5384] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5384] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] <... clone resumed>, parent_tid=[5384], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5384 [pid 5383] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5383] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5384] memfd_create("syzkaller", 0) = 3 [pid 5384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5384] munmap(0x7fa30fe43000, 524288) = 0 [pid 5384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5384] close(3) = 0 [pid 5384] mkdir("./file0", 0777) = 0 [pid 5384] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5384] chdir("./file0") = 0 [pid 5384] ioctl(4, LOOP_CLR_FD) = 0 [pid 5384] close(4) = 0 [pid 5384] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... futex resumed>) = 1 [pid 5384] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5384] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... futex resumed>) = 1 [pid 5384] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5384] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... futex resumed>) = 1 [pid 5384] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5384] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... futex resumed>) = 1 [ 81.887030][ T5384] loop0: detected capacity change from 0 to 1024 [ 81.896634][ T5384] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 81.907182][ T5384] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 81.918805][ T5384] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5384] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5384] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5384] <... futex resumed>) = 1 [pid 5383] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5384] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] ftruncate(4, 31 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... ftruncate resumed>) = 0 [pid 5384] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... open resumed>) = 7 [pid 5384] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5384] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] exit_group(0) = ? [pid 5384] <... futex resumed>) = ? [pid 5384] +++ exited with 0 +++ [pid 5383] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5383, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./152/binderfs") = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5385 ./strace-static-x86_64: Process 5385 attached [pid 5385] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5385] chdir("./153") = 0 [pid 5385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5385] setpgid(0, 0) = 0 [pid 5385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5385] write(3, "1000", 4) = 4 [pid 5385] close(3) = 0 [pid 5385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5385] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5385] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5385] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5386], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5386 [pid 5385] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5386 attached [pid 5386] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5386] memfd_create("syzkaller", 0) = 3 [pid 5386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5386] munmap(0x7fa30fe43000, 524288) = 0 [pid 5386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5386] close(3) = 0 [pid 5386] mkdir("./file0", 0777) = 0 [pid 5386] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5386] chdir("./file0") = 0 [pid 5386] ioctl(4, LOOP_CLR_FD) = 0 [pid 5386] close(4) = 0 [pid 5386] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... futex resumed>) = 0 [pid 5386] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5386] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... futex resumed>) = 1 [pid 5386] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5386] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... futex resumed>) = 1 [pid 5386] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5386] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... futex resumed>) = 1 [ 82.068441][ T5386] loop0: detected capacity change from 0 to 1024 [ 82.078224][ T5386] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 82.088640][ T5386] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 82.101090][ T5386] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5386] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5386] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5386] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... futex resumed>) = 1 [pid 5386] ftruncate(4, 31) = 0 [pid 5386] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... futex resumed>) = 1 [pid 5386] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5386] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... futex resumed>) = 1 [pid 5386] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5386] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5385] exit_group(0) = ? [pid 5386] +++ exited with 0 +++ [pid 5385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5385, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./153/binderfs") = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5387 attached , child_tidptr=0x55555702f5d0) = 5387 [pid 5387] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5387] chdir("./154") = 0 [pid 5387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5387] setpgid(0, 0) = 0 [pid 5387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5387] write(3, "1000", 4) = 4 [pid 5387] close(3) = 0 [pid 5387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5387] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5387] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5387] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5388 attached , parent_tid=[5388], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5388 [pid 5387] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5388] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5388] memfd_create("syzkaller", 0) = 3 [pid 5388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5388] munmap(0x7fa30fe43000, 524288) = 0 [pid 5388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5388] close(3) = 0 [pid 5388] mkdir("./file0", 0777) = 0 [pid 5388] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5388] chdir("./file0") = 0 [pid 5388] ioctl(4, LOOP_CLR_FD) = 0 [pid 5388] close(4) = 0 [pid 5388] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] <... futex resumed>) = 1 [pid 5388] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5388] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] <... futex resumed>) = 1 [pid 5388] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5388] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5388] <... futex resumed>) = 1 [pid 5388] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] <... futex resumed>) = 0 [pid 5388] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5388] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] <... futex resumed>) = 0 [pid 5388] sendfile(5, 6, NULL, 140737974943952 [pid 5387] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.256940][ T5388] loop0: detected capacity change from 0 to 1024 [ 82.267086][ T5388] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 82.277298][ T5388] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 82.289027][ T5388] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5387] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] <... sendfile resumed>) = 65536 [pid 5388] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5388] <... futex resumed>) = 1 [pid 5387] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5388] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] <... futex resumed>) = 1 [pid 5388] ftruncate(4, 31) = 0 [pid 5388] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] <... futex resumed>) = 1 [pid 5388] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5388] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] <... futex resumed>) = 1 [pid 5388] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5388] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5388] <... futex resumed>) = 1 [pid 5387] exit_group(0) = ? [pid 5388] +++ exited with 0 +++ [pid 5387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5387, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./154/binderfs") = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5389 ./strace-static-x86_64: Process 5389 attached [pid 5389] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5389] chdir("./155") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5389] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5390 attached , parent_tid=[5390], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5390 [pid 5389] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5390] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5390] memfd_create("syzkaller", 0) = 3 [pid 5390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5390] munmap(0x7fa30fe43000, 524288) = 0 [pid 5390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5390] close(3) = 0 [pid 5390] mkdir("./file0", 0777) = 0 [pid 5390] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5390] chdir("./file0") = 0 [pid 5390] ioctl(4, LOOP_CLR_FD) = 0 [pid 5390] close(4) = 0 [pid 5390] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = 1 [pid 5390] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5389] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... open resumed>) = 4 [pid 5390] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] <... futex resumed>) = 0 [pid 5390] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5389] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... open resumed>) = 5 [pid 5390] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] openat(-1, "/proc/self/exe", O_RDONLY [pid 5389] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... openat resumed>) = 6 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5390] sendfile(5, 6, NULL, 140737974943952 [pid 5389] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.444578][ T5390] loop0: detected capacity change from 0 to 1024 [ 82.454847][ T5390] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 82.465258][ T5390] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 82.477624][ T5390] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5389] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... sendfile resumed>) = 65536 [pid 5390] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5390] <... futex resumed>) = 1 [pid 5390] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5389] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5390] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 0 [pid 5390] ftruncate(4, 31) = 0 [pid 5390] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 0 [pid 5390] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5390] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 1 [pid 5390] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5390] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5390] <... futex resumed>) = 1 [pid 5389] exit_group(0) = ? [pid 5390] +++ exited with 0 +++ [pid 5389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5389, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./155/binderfs") = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5391 ./strace-static-x86_64: Process 5391 attached [pid 5391] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5391] chdir("./156") = 0 [pid 5391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5391] setpgid(0, 0) = 0 [pid 5391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5391] write(3, "1000", 4) = 4 [pid 5391] close(3) = 0 [pid 5391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5391] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5391] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5391] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5392], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5392 [pid 5391] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5392 attached [pid 5392] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5392] memfd_create("syzkaller", 0) = 3 [pid 5392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5392] munmap(0x7fa30fe43000, 524288) = 0 [pid 5392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5392] close(3) = 0 [pid 5392] mkdir("./file0", 0777) = 0 [pid 5392] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5392] chdir("./file0") = 0 [pid 5392] ioctl(4, LOOP_CLR_FD) = 0 [pid 5392] close(4) = 0 [pid 5392] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 82.630514][ T5392] loop0: detected capacity change from 0 to 1024 [ 82.641406][ T5392] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 82.651996][ T5392] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 82.664019][ T5392] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5392] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5392] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5392] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5392] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5392] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [ 82.687733][ T27] kauditd_printk_skb: 71 callbacks suppressed [ 82.687745][ T27] audit: type=1800 audit(1672320182.465:470): pid=5392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5392] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5392] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5392] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5392] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] ftruncate(4, 31) = 0 [pid 5392] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 82.718854][ T27] audit: type=1800 audit(1672320182.495:471): pid=5392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5392] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5392] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 0 [pid 5392] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5392] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5392] <... futex resumed>) = 1 [pid 5392] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] exit_group(0 [pid 5392] <... futex resumed>) = ? [pid 5391] <... exit_group resumed>) = ? [pid 5392] +++ exited with 0 +++ [pid 5391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5391, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./156/binderfs") = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 82.771225][ T27] audit: type=1800 audit(1672320182.545:472): pid=5392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5393 ./strace-static-x86_64: Process 5393 attached [pid 5393] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5393] chdir("./157") = 0 [pid 5393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5393] setpgid(0, 0) = 0 [pid 5393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5393] write(3, "1000", 4) = 4 [pid 5393] close(3) = 0 [pid 5393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5393] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5393] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5393] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5394 attached , parent_tid=[5394], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5394 [pid 5393] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5394] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5394] memfd_create("syzkaller", 0) = 3 [pid 5394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5394] munmap(0x7fa30fe43000, 524288) = 0 [pid 5394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5394] close(3) = 0 [pid 5394] mkdir("./file0", 0777) = 0 [pid 5394] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5394] chdir("./file0") = 0 [pid 5394] ioctl(4, LOOP_CLR_FD) = 0 [ 82.858978][ T5394] loop0: detected capacity change from 0 to 1024 [ 82.868744][ T5394] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 82.878973][ T5394] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 82.891110][ T5394] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5394] close(4) = 0 [pid 5394] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... futex resumed>) = 1 [pid 5394] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5394] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... futex resumed>) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5394] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5393] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... open resumed>) = 5 [pid 5394] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... futex resumed>) = 1 [pid 5394] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5394] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5394] sendfile(5, 6, NULL, 140737974943952 [pid 5393] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5393] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa30fea2000 [pid 5393] mprotect(0x7fa30fea3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5393] clone(child_stack=0x7fa30fec23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5395], tls=0x7fa30fec2700, child_tidptr=0x7fa30fec29d0) = 5395 [pid 5393] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5395 attached [pid 5395] set_robust_list(0x7fa30fec29e0, 24) = 0 [pid 5395] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5395] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... futex resumed>) = 1 [pid 5395] ftruncate(4, 31) = 0 [pid 5395] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5393] <... futex resumed>) = 0 [ 82.904508][ T27] audit: type=1800 audit(1672320182.685:473): pid=5394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 82.932820][ T27] audit: type=1800 audit(1672320182.685:474): pid=5394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5393] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... open resumed>) = 7 [pid 5394] <... sendfile resumed>) = 65536 [pid 5395] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... futex resumed>) = 1 [pid 5395] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5394] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5394] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] <... pwritev2 resumed>) = 20480 [pid 5395] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5393] exit_group(0) = ? [pid 5394] <... futex resumed>) = ? [pid 5394] +++ exited with 0 +++ [pid 5395] <... futex resumed>) = ? [pid 5395] +++ exited with 0 +++ [pid 5393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5393, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./157/binderfs") = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5396 attached , child_tidptr=0x55555702f5d0) = 5396 [pid 5396] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5396] chdir("./158") = 0 [pid 5396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5396] setpgid(0, 0) = 0 [pid 5396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5396] write(3, "1000", 4) = 4 [pid 5396] close(3) = 0 [pid 5396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5396] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5396] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [ 82.982633][ T27] audit: type=1800 audit(1672320182.755:475): pid=5395 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5396] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5397], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5397 [pid 5396] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5397 attached [pid 5397] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5397] memfd_create("syzkaller", 0) = 3 [pid 5397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5397] munmap(0x7fa30fe43000, 524288) = 0 [pid 5397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5397] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5397] close(3) = 0 [pid 5397] mkdir("./file0", 0777) = 0 [pid 5397] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5397] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5397] chdir("./file0") = 0 [pid 5397] ioctl(4, LOOP_CLR_FD) = 0 [pid 5397] close(4) = 0 [pid 5397] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] <... futex resumed>) = 0 [pid 5396] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 83.053653][ T5397] loop0: detected capacity change from 0 to 1024 [ 83.063868][ T5397] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 83.074319][ T5397] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 83.086004][ T5397] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5397] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5397] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] <... futex resumed>) = 0 [pid 5396] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] <... futex resumed>) = 0 [pid 5396] <... futex resumed>) = 1 [pid 5397] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5396] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] <... open resumed>) = 5 [pid 5397] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] <... futex resumed>) = 0 [pid 5397] openat(-1, "/proc/self/exe", O_RDONLY [pid 5396] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] <... openat resumed>) = 6 [pid 5396] <... futex resumed>) = 0 [pid 5397] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] <... futex resumed>) = 0 [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5397] sendfile(5, 6, NULL, 140737974943952 [pid 5396] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] <... sendfile resumed>) = 65536 [pid 5397] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] <... futex resumed>) = 0 [pid 5397] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5396] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5396] <... futex resumed>) = 0 [pid 5396] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5397] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] <... futex resumed>) = 0 [pid 5396] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] <... futex resumed>) = 0 [pid 5396] <... futex resumed>) = 1 [pid 5397] ftruncate(4, 31 [pid 5396] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] <... ftruncate resumed>) = 0 [pid 5397] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5396] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [ 83.104976][ T27] audit: type=1800 audit(1672320182.885:476): pid=5397 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 83.128936][ T27] audit: type=1800 audit(1672320182.885:477): pid=5397 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5397] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5396] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5396] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] <... futex resumed>) = 0 [pid 5397] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5397] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] <... futex resumed>) = 0 [pid 5396] exit_group(0 [pid 5397] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5396] <... exit_group resumed>) = ? [pid 5397] +++ exited with 0 +++ [pid 5396] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5396, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./158/binderfs") = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 83.181685][ T27] audit: type=1800 audit(1672320182.955:478): pid=5397 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5398 attached , child_tidptr=0x55555702f5d0) = 5398 [pid 5398] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5398] chdir("./159") = 0 [pid 5398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5398] setpgid(0, 0) = 0 [pid 5398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5398] write(3, "1000", 4) = 4 [pid 5398] close(3) = 0 [pid 5398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5398] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5398] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5398] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5399 attached [pid 5399] set_robust_list(0x7fa3182639e0, 24 [pid 5398] <... clone resumed>, parent_tid=[5399], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5399 [pid 5399] <... set_robust_list resumed>) = 0 [pid 5399] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5399] memfd_create("syzkaller", 0 [pid 5398] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5399] <... memfd_create resumed>) = 3 [pid 5399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5399] munmap(0x7fa30fe43000, 524288) = 0 [pid 5399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5399] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5399] close(3) = 0 [pid 5399] mkdir("./file0", 0777) = 0 [pid 5399] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5399] chdir("./file0") = 0 [pid 5399] ioctl(4, LOOP_CLR_FD) = 0 [pid 5399] close(4) = 0 [pid 5399] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... futex resumed>) = 1 [ 83.274826][ T5399] loop0: detected capacity change from 0 to 1024 [ 83.285681][ T5399] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 83.296071][ T5399] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 83.307592][ T5399] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5399] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5399] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5398] <... futex resumed>) = 1 [pid 5399] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5398] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... open resumed>) = 5 [pid 5399] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5399] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] <... futex resumed>) = 0 [pid 5399] sendfile(5, 6, NULL, 140737974943952 [pid 5398] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 83.321781][ T27] audit: type=1800 audit(1672320183.095:479): pid=5399 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5398] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... sendfile resumed>) = 65536 [pid 5399] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5399] <... futex resumed>) = 1 [pid 5398] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5399] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... futex resumed>) = 1 [pid 5399] ftruncate(4, 31) = 0 [pid 5399] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... futex resumed>) = 1 [pid 5399] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5399] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... futex resumed>) = 1 [pid 5399] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5399] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5398] exit_group(0) = ? [pid 5399] <... futex resumed>) = ? [pid 5399] +++ exited with 0 +++ [pid 5398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5398, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./159/binderfs") = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5400 ./strace-static-x86_64: Process 5400 attached [pid 5400] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5400] chdir("./160") = 0 [pid 5400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5400] setpgid(0, 0) = 0 [pid 5400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5400] write(3, "1000", 4) = 4 [pid 5400] close(3) = 0 [pid 5400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5400] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5400] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5400] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5401], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5401 [pid 5400] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5401 attached [pid 5401] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5401] memfd_create("syzkaller", 0) = 3 [pid 5401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5401] munmap(0x7fa30fe43000, 524288) = 0 [pid 5401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5401] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5401] close(3) = 0 [pid 5401] mkdir("./file0", 0777) = 0 [pid 5401] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5401] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5401] chdir("./file0") = 0 [pid 5401] ioctl(4, LOOP_CLR_FD) = 0 [pid 5401] close(4) = 0 [pid 5401] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = 0 [pid 5400] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... futex resumed>) = 1 [pid 5401] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5401] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = 0 [pid 5400] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... futex resumed>) = 1 [pid 5401] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5401] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = 0 [pid 5400] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... futex resumed>) = 1 [pid 5401] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5401] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = 0 [pid 5400] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... futex resumed>) = 1 [ 83.452581][ T5401] loop0: detected capacity change from 0 to 1024 [ 83.464758][ T5401] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 83.475470][ T5401] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 83.487455][ T5401] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5401] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5401] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5400] <... futex resumed>) = 0 [pid 5400] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5401] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5400] <... futex resumed>) = 0 [pid 5401] ftruncate(4, 31 [pid 5400] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... ftruncate resumed>) = 0 [pid 5401] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5400] <... futex resumed>) = 0 [pid 5401] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5400] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5400] <... futex resumed>) = 0 [pid 5401] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5400] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... open resumed>) = 7 [pid 5401] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5400] <... futex resumed>) = 0 [pid 5401] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5400] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5400] <... futex resumed>) = 0 [pid 5401] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5400] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... pwritev2 resumed>) = 20480 [pid 5401] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5400] <... futex resumed>) = 0 [pid 5400] exit_group(0) = ? [pid 5401] +++ exited with 0 +++ [pid 5400] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5400, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./160/binderfs") = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5402 ./strace-static-x86_64: Process 5402 attached [pid 5402] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5402] chdir("./161") = 0 [pid 5402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5402] setpgid(0, 0) = 0 [pid 5402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5402] write(3, "1000", 4) = 4 [pid 5402] close(3) = 0 [pid 5402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5402] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5402] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5402] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5403], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5403 [pid 5402] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5403 attached [pid 5403] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5403] memfd_create("syzkaller", 0) = 3 [pid 5403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5403] munmap(0x7fa30fe43000, 524288) = 0 [pid 5403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5403] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5403] close(3) = 0 [pid 5403] mkdir("./file0", 0777) = 0 [pid 5403] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5403] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5403] chdir("./file0") = 0 [pid 5403] ioctl(4, LOOP_CLR_FD) = 0 [pid 5403] close(4) = 0 [pid 5403] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 0 [pid 5402] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... futex resumed>) = 1 [pid 5403] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5403] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 0 [pid 5402] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... futex resumed>) = 1 [pid 5403] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5403] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 0 [pid 5402] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... futex resumed>) = 1 [pid 5403] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5403] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 0 [pid 5402] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... futex resumed>) = 1 [ 83.619954][ T5403] loop0: detected capacity change from 0 to 1024 [ 83.630722][ T5403] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 83.641260][ T5403] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 83.654191][ T5403] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5403] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5403] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5402] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5403] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 0 [pid 5403] <... futex resumed>) = 1 [pid 5402] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] ftruncate(4, 31) = 0 [pid 5403] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 0 [pid 5403] <... futex resumed>) = 1 [pid 5402] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5402] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... open resumed>) = 7 [pid 5403] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5402] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5402] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... pwritev2 resumed>) = 20480 [pid 5403] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 0 [pid 5402] exit_group(0) = ? [pid 5403] <... futex resumed>) = ? [pid 5403] +++ exited with 0 +++ [pid 5402] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5402, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./161/binderfs") = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5404 ./strace-static-x86_64: Process 5404 attached [pid 5404] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5404] chdir("./162") = 0 [pid 5404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5404] setpgid(0, 0) = 0 [pid 5404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5404] write(3, "1000", 4) = 4 [pid 5404] close(3) = 0 [pid 5404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5404] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5404] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5404] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5405 attached [pid 5405] set_robust_list(0x7fa3182639e0, 24 [pid 5404] <... clone resumed>, parent_tid=[5405], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5405 [pid 5404] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5405] <... set_robust_list resumed>) = 0 [pid 5405] memfd_create("syzkaller", 0) = 3 [pid 5405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5405] munmap(0x7fa30fe43000, 524288) = 0 [pid 5405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5405] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5405] close(3) = 0 [pid 5405] mkdir("./file0", 0777) = 0 [pid 5405] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5405] chdir("./file0") = 0 [pid 5405] ioctl(4, LOOP_CLR_FD) = 0 [pid 5405] close(4) = 0 [pid 5405] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5405] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5404] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... open resumed>) = 4 [pid 5405] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5405] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5404] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... open resumed>) = 5 [pid 5404] <... futex resumed>) = 0 [pid 5405] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... futex resumed>) = 0 [pid 5404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5405] openat(-1, "/proc/self/exe", O_RDONLY [pid 5404] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... openat resumed>) = 6 [pid 5404] <... futex resumed>) = 0 [pid 5405] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... futex resumed>) = 0 [pid 5404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5405] sendfile(5, 6, NULL, 140737974943952 [pid 5404] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 83.819211][ T5405] loop0: detected capacity change from 0 to 1024 [ 83.829205][ T5405] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 83.839589][ T5405] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 83.851808][ T5405] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5404] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... sendfile resumed>) = 65536 [pid 5405] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5405] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] ftruncate(4, 31) = 0 [pid 5405] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... open resumed>) = 7 [pid 5405] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5405] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5404] exit_group(0) = ? [pid 5405] <... futex resumed>) = ? [pid 5405] +++ exited with 0 +++ [pid 5404] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5404, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./162/binderfs") = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5406 attached , child_tidptr=0x55555702f5d0) = 5406 [pid 5406] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5406] chdir("./163") = 0 [pid 5406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5406] setpgid(0, 0) = 0 [pid 5406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5406] write(3, "1000", 4) = 4 [pid 5406] close(3) = 0 [pid 5406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5406] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5406] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5406] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5407], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5407 [pid 5406] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5407 attached [pid 5407] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5407] memfd_create("syzkaller", 0) = 3 [pid 5407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5407] munmap(0x7fa30fe43000, 524288) = 0 [pid 5407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5407] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5407] close(3) = 0 [pid 5407] mkdir("./file0", 0777) = 0 [pid 5407] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5407] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5407] chdir("./file0") = 0 [pid 5407] ioctl(4, LOOP_CLR_FD) = 0 [pid 5407] close(4) = 0 [pid 5407] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = 0 [pid 5406] <... futex resumed>) = 1 [pid 5407] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5406] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] <... open resumed>) = 4 [pid 5407] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5407] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5406] <... futex resumed>) = 0 [pid 5407] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5406] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] <... open resumed>) = 5 [pid 5407] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5407] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5406] <... futex resumed>) = 0 [pid 5407] openat(-1, "/proc/self/exe", O_RDONLY [pid 5406] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] <... openat resumed>) = 6 [pid 5407] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5407] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5406] <... futex resumed>) = 0 [pid 5407] sendfile(5, 6, NULL, 140737974943952 [ 84.008858][ T5407] loop0: detected capacity change from 0 to 1024 [ 84.019964][ T5407] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 84.030526][ T5407] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 84.043174][ T5407] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5406] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] <... sendfile resumed>) = 65536 [pid 5407] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5407] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] <... futex resumed>) = 0 [pid 5407] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5407] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] ftruncate(4, 31) = 0 [pid 5407] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] <... futex resumed>) = 1 [pid 5407] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5407] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] <... futex resumed>) = 1 [pid 5407] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5407] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... futex resumed>) = 0 [pid 5406] exit_group(0) = ? [pid 5407] <... futex resumed>) = ? [pid 5407] +++ exited with 0 +++ [pid 5406] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5406, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./163/binderfs") = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5408 ./strace-static-x86_64: Process 5408 attached [pid 5408] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5408] chdir("./164") = 0 [pid 5408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5408] setpgid(0, 0) = 0 [pid 5408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5408] write(3, "1000", 4) = 4 [pid 5408] close(3) = 0 [pid 5408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5408] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5408] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5408] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5409], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5409 [pid 5408] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5409 attached [pid 5409] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5409] memfd_create("syzkaller", 0) = 3 [pid 5409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5409] munmap(0x7fa30fe43000, 524288) = 0 [pid 5409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5409] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5409] close(3) = 0 [pid 5409] mkdir("./file0", 0777) = 0 [pid 5409] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5409] chdir("./file0") = 0 [pid 5409] ioctl(4, LOOP_CLR_FD) = 0 [pid 5409] close(4) = 0 [pid 5409] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 0 [pid 5408] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5409] <... futex resumed>) = 1 [pid 5409] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5409] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 0 [pid 5408] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5409] <... futex resumed>) = 1 [pid 5409] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5409] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 0 [pid 5408] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5409] <... futex resumed>) = 1 [pid 5409] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5409] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 0 [pid 5408] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5409] <... futex resumed>) = 1 [ 84.172903][ T5409] loop0: detected capacity change from 0 to 1024 [ 84.183528][ T5409] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 84.194471][ T5409] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 84.207015][ T5409] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5409] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5409] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 0 [pid 5408] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5409] <... futex resumed>) = 1 [pid 5409] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5409] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 0 [pid 5408] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5409] <... futex resumed>) = 1 [pid 5409] ftruncate(4, 31) = 0 [pid 5409] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 0 [pid 5408] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5409] <... futex resumed>) = 1 [pid 5409] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5409] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] <... futex resumed>) = 0 [pid 5409] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5408] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5408] <... futex resumed>) = 0 [pid 5409] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5408] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5409] <... pwritev2 resumed>) = 20480 [pid 5409] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] <... futex resumed>) = 0 [pid 5409] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5408] exit_group(0 [pid 5409] <... futex resumed>) = ? [pid 5408] <... exit_group resumed>) = ? [pid 5409] +++ exited with 0 +++ [pid 5408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5408, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./164/binderfs") = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5410 ./strace-static-x86_64: Process 5410 attached [pid 5410] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5410] chdir("./165") = 0 [pid 5410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5410] setpgid(0, 0) = 0 [pid 5410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5410] write(3, "1000", 4) = 4 [pid 5410] close(3) = 0 [pid 5410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5410] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5410] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5410] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5411 attached [pid 5411] set_robust_list(0x7fa3182639e0, 24 [pid 5410] <... clone resumed>, parent_tid=[5411], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5411 [pid 5411] <... set_robust_list resumed>) = 0 [pid 5410] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] memfd_create("syzkaller", 0 [pid 5410] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5411] <... memfd_create resumed>) = 3 [pid 5411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5411] munmap(0x7fa30fe43000, 524288) = 0 [pid 5411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5411] close(3) = 0 [pid 5411] mkdir("./file0", 0777) = 0 [pid 5411] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5411] chdir("./file0") = 0 [pid 5411] ioctl(4, LOOP_CLR_FD) = 0 [pid 5411] close(4) = 0 [pid 5411] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... futex resumed>) = 1 [pid 5411] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5411] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... futex resumed>) = 1 [pid 5411] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5411] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... futex resumed>) = 1 [pid 5411] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5411] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... futex resumed>) = 1 [ 84.350342][ T5411] loop0: detected capacity change from 0 to 1024 [ 84.360390][ T5411] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 84.370688][ T5411] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 84.382223][ T5411] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5411] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5411] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5411] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] ftruncate(4, 31) = 0 [pid 5411] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5411] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5411] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5410] exit_group(0) = ? [pid 5411] <... futex resumed>) = ? [pid 5411] +++ exited with 0 +++ [pid 5410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5410, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./165/binderfs") = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5412 ./strace-static-x86_64: Process 5412 attached [pid 5412] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5412] chdir("./166") = 0 [pid 5412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5412] setpgid(0, 0) = 0 [pid 5412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5412] write(3, "1000", 4) = 4 [pid 5412] close(3) = 0 [pid 5412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5412] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5412] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5412] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5413 attached , parent_tid=[5413], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5413 [pid 5413] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5413] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5412] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = 0 [pid 5412] <... futex resumed>) = 1 [pid 5412] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5413] memfd_create("syzkaller", 0) = 3 [pid 5413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5413] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5413] munmap(0x7fa30fe43000, 524288) = 0 [pid 5413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5413] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5413] close(3) = 0 [pid 5413] mkdir("./file0", 0777) = 0 [pid 5413] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5413] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5413] chdir("./file0") = 0 [pid 5413] ioctl(4, LOOP_CLR_FD) = 0 [pid 5413] close(4) = 0 [pid 5413] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5412] <... futex resumed>) = 0 [pid 5413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5412] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5412] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5413] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5412] <... futex resumed>) = 0 [pid 5412] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5412] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] <... futex resumed>) = 0 [pid 5413] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5413] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5412] <... futex resumed>) = 0 [pid 5413] openat(-1, "/proc/self/exe", O_RDONLY [pid 5412] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... openat resumed>) = 6 [pid 5412] <... futex resumed>) = 0 [pid 5413] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] <... futex resumed>) = 0 [pid 5412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5412] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] sendfile(5, 6, NULL, 140737974943952 [pid 5412] <... futex resumed>) = 0 [ 84.527148][ T5413] loop0: detected capacity change from 0 to 1024 [ 84.536663][ T5413] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 84.547092][ T5413] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 84.558648][ T5413] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5412] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] <... sendfile resumed>) = 65536 [pid 5413] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... futex resumed>) = 0 [pid 5413] <... futex resumed>) = 1 [pid 5413] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5412] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5412] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5413] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5412] <... futex resumed>) = 0 [pid 5413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5412] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] ftruncate(4, 31 [pid 5412] <... futex resumed>) = 0 [pid 5412] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] <... ftruncate resumed>) = 0 [pid 5413] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5412] <... futex resumed>) = 0 [pid 5412] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5412] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] <... open resumed>) = 7 [pid 5413] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5412] <... futex resumed>) = 0 [pid 5413] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5412] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5412] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] <... pwritev2 resumed>) = 20480 [pid 5413] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5412] <... futex resumed>) = 0 [pid 5412] exit_group(0) = ? [pid 5413] +++ exited with 0 +++ [pid 5412] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5412, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./166/binderfs") = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./166/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5414 ./strace-static-x86_64: Process 5414 attached [pid 5414] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5414] chdir("./167") = 0 [pid 5414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5414] setpgid(0, 0) = 0 [pid 5414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5414] write(3, "1000", 4) = 4 [pid 5414] close(3) = 0 [pid 5414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5414] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5414] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5414] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5415], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5415 [pid 5414] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5415 attached [pid 5415] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5415] memfd_create("syzkaller", 0) = 3 [pid 5415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5415] munmap(0x7fa30fe43000, 524288) = 0 [pid 5415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5415] close(3) = 0 [pid 5415] mkdir("./file0", 0777) = 0 [pid 5415] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5415] chdir("./file0") = 0 [pid 5415] ioctl(4, LOOP_CLR_FD) = 0 [pid 5415] close(4) = 0 [pid 5415] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... futex resumed>) = 1 [pid 5415] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5415] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... futex resumed>) = 1 [pid 5415] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5415] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... futex resumed>) = 1 [pid 5415] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5415] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... futex resumed>) = 1 [ 84.700329][ T5415] loop0: detected capacity change from 0 to 1024 [ 84.709819][ T5415] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 84.720245][ T5415] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 84.731720][ T5415] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5415] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5415] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... futex resumed>) = 1 [pid 5415] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5415] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5415] <... futex resumed>) = 1 [pid 5415] ftruncate(4, 31 [pid 5414] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... ftruncate resumed>) = 0 [pid 5415] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5414] <... futex resumed>) = 0 [pid 5415] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5415] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5415] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5415] <... futex resumed>) = 1 [pid 5415] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] exit_group(0 [pid 5415] <... futex resumed>) = ? [pid 5414] <... exit_group resumed>) = ? [pid 5415] +++ exited with 0 +++ [pid 5414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5414, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./167/binderfs") = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./167/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5416 ./strace-static-x86_64: Process 5416 attached [pid 5416] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5416] chdir("./168") = 0 [pid 5416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5416] setpgid(0, 0) = 0 [pid 5416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5416] write(3, "1000", 4) = 4 [pid 5416] close(3) = 0 [pid 5416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5416] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5416] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5416] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5417 attached , parent_tid=[5417], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5417 [pid 5417] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5417] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5417] <... futex resumed>) = 0 [pid 5416] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5417] memfd_create("syzkaller", 0) = 3 [pid 5417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5417] munmap(0x7fa30fe43000, 524288) = 0 [pid 5417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5417] close(3) = 0 [pid 5417] mkdir("./file0", 0777) = 0 [pid 5417] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5417] chdir("./file0") = 0 [pid 5417] ioctl(4, LOOP_CLR_FD) = 0 [pid 5417] close(4) = 0 [pid 5417] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... futex resumed>) = 1 [pid 5417] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5417] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... futex resumed>) = 1 [pid 5417] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5417] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... futex resumed>) = 1 [pid 5417] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5417] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... futex resumed>) = 1 [ 84.899727][ T5417] loop0: detected capacity change from 0 to 1024 [ 84.909583][ T5417] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 84.920061][ T5417] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 84.931608][ T5417] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5417] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5417] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5417] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5417] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5417] <... futex resumed>) = 0 [pid 5417] ftruncate(4, 31 [pid 5416] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... ftruncate resumed>) = 0 [pid 5417] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5417] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5417] <... futex resumed>) = 0 [pid 5417] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5416] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... open resumed>) = 7 [pid 5417] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] <... futex resumed>) = 0 [pid 5417] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5416] <... futex resumed>) = 0 [pid 5417] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5416] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... pwritev2 resumed>) = 20480 [pid 5417] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] <... futex resumed>) = 0 [pid 5417] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] exit_group(0) = ? [pid 5417] <... futex resumed>) = ? [pid 5417] +++ exited with 0 +++ [pid 5416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5416, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./168/binderfs") = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./168/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5418 ./strace-static-x86_64: Process 5418 attached [pid 5418] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5418] chdir("./169") = 0 [pid 5418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5418] setpgid(0, 0) = 0 [pid 5418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5418] write(3, "1000", 4) = 4 [pid 5418] close(3) = 0 [pid 5418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5418] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5418] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5418] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5419 attached , parent_tid=[5419], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5419 [pid 5419] set_robust_list(0x7fa3182639e0, 24 [pid 5418] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... set_robust_list resumed>) = 0 [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5419] memfd_create("syzkaller", 0) = 3 [pid 5419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5419] munmap(0x7fa30fe43000, 524288) = 0 [pid 5419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5419] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5419] close(3) = 0 [pid 5419] mkdir("./file0", 0777) = 0 [pid 5419] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5419] chdir("./file0") = 0 [pid 5419] ioctl(4, LOOP_CLR_FD) = 0 [pid 5419] close(4) = 0 [pid 5419] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5419] <... futex resumed>) = 1 [pid 5419] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5419] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5419] <... futex resumed>) = 1 [pid 5419] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5419] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5419] <... futex resumed>) = 1 [pid 5419] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5419] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5419] <... futex resumed>) = 1 [ 85.053858][ T5419] loop0: detected capacity change from 0 to 1024 [ 85.065014][ T5419] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 85.075480][ T5419] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 85.087758][ T5419] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5419] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5419] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5419] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5419] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5418] <... futex resumed>) = 0 [pid 5419] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5419] ftruncate(4, 31 [pid 5418] <... futex resumed>) = 0 [pid 5419] <... ftruncate resumed>) = 0 [pid 5419] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5418] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = 0 [pid 5418] <... futex resumed>) = 1 [pid 5419] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5418] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5419] <... open resumed>) = 7 [pid 5419] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5418] <... futex resumed>) = 0 [pid 5419] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5418] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5419] <... pwritev2 resumed>) = 20480 [pid 5419] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5418] <... futex resumed>) = 0 [pid 5419] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] exit_group(0 [pid 5419] <... futex resumed>) = ? [pid 5418] <... exit_group resumed>) = ? [pid 5419] +++ exited with 0 +++ [pid 5418] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5418, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./169/binderfs") = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./169/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5420 ./strace-static-x86_64: Process 5420 attached [pid 5420] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5420] chdir("./170") = 0 [pid 5420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5420] setpgid(0, 0) = 0 [pid 5420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5420] write(3, "1000", 4) = 4 [pid 5420] close(3) = 0 [pid 5420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5420] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5420] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5420] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5421 attached , parent_tid=[5421], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5421 [pid 5420] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5421] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5421] memfd_create("syzkaller", 0) = 3 [pid 5421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5421] munmap(0x7fa30fe43000, 524288) = 0 [pid 5421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5421] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5421] close(3) = 0 [pid 5421] mkdir("./file0", 0777) = 0 [pid 5421] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5421] chdir("./file0") = 0 [pid 5421] ioctl(4, LOOP_CLR_FD) = 0 [pid 5421] close(4) = 0 [pid 5421] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5421] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] <... futex resumed>) = 0 [pid 5421] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5421] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] <... futex resumed>) = 1 [pid 5421] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5421] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5421] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] <... futex resumed>) = 0 [pid 5421] sendfile(5, 6, NULL, 140737974943952 [pid 5420] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 85.256797][ T5421] loop0: detected capacity change from 0 to 1024 [ 85.266413][ T5421] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 85.276957][ T5421] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 85.288761][ T5421] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5420] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] <... sendfile resumed>) = 65536 [pid 5421] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] <... futex resumed>) = 0 [pid 5421] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5420] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] <... futex resumed>) = 0 [pid 5421] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5421] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5421] <... futex resumed>) = 1 [pid 5420] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] ftruncate(4, 31) = 0 [pid 5421] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5421] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5421] <... futex resumed>) = 1 [pid 5420] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5421] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5421] <... futex resumed>) = 1 [pid 5420] exit_group(0) = ? [pid 5421] +++ exited with 0 +++ [pid 5420] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5420, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./170/binderfs") = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./170/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5422 ./strace-static-x86_64: Process 5422 attached [pid 5422] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5422] chdir("./171") = 0 [pid 5422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5422] setpgid(0, 0) = 0 [pid 5422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5422] write(3, "1000", 4) = 4 [pid 5422] close(3) = 0 [pid 5422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5422] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5422] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5422] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5423], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5423 [pid 5422] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5423 attached [pid 5423] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5423] memfd_create("syzkaller", 0) = 3 [pid 5423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5423] munmap(0x7fa30fe43000, 524288) = 0 [pid 5423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5423] close(3) = 0 [pid 5423] mkdir("./file0", 0777) = 0 [pid 5423] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5423] chdir("./file0") = 0 [pid 5423] ioctl(4, LOOP_CLR_FD) = 0 [pid 5423] close(4) = 0 [pid 5423] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = 0 [pid 5422] <... futex resumed>) = 1 [pid 5423] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5422] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... open resumed>) = 4 [pid 5423] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] <... futex resumed>) = 0 [pid 5423] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5422] <... futex resumed>) = 0 [pid 5423] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5422] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... open resumed>) = 5 [pid 5423] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] openat(-1, "/proc/self/exe", O_RDONLY [pid 5422] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... openat resumed>) = 6 [pid 5423] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] <... futex resumed>) = 0 [pid 5423] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5422] <... futex resumed>) = 0 [pid 5423] sendfile(5, 6, NULL, 140737974943952 [ 85.439286][ T5423] loop0: detected capacity change from 0 to 1024 [ 85.449987][ T5423] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 85.460558][ T5423] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 85.473224][ T5423] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5422] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... sendfile resumed>) = 65536 [pid 5423] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5423] <... futex resumed>) = 1 [pid 5423] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5422] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5423] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] <... futex resumed>) = 0 [pid 5423] ftruncate(4, 31 [pid 5422] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... ftruncate resumed>) = 0 [pid 5423] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = 0 [pid 5422] <... futex resumed>) = 1 [pid 5423] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5422] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5422] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... futex resumed>) = 1 [pid 5422] <... futex resumed>) = 0 [pid 5423] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5422] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... pwritev2 resumed>) = 20480 [pid 5423] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] <... futex resumed>) = 0 [pid 5422] exit_group(0) = ? [pid 5423] +++ exited with 0 +++ [pid 5422] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5422, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./171/binderfs") = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./171/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5424 ./strace-static-x86_64: Process 5424 attached [pid 5424] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5424] chdir("./172") = 0 [pid 5424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5424] setpgid(0, 0) = 0 [pid 5424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5424] write(3, "1000", 4) = 4 [pid 5424] close(3) = 0 [pid 5424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5424] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5424] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5424] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5425], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5425 [pid 5424] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5425 attached [pid 5425] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5425] memfd_create("syzkaller", 0) = 3 [pid 5425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5425] munmap(0x7fa30fe43000, 524288) = 0 [pid 5425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5425] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5425] close(3) = 0 [pid 5425] mkdir("./file0", 0777) = 0 [pid 5425] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5425] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5425] chdir("./file0") = 0 [pid 5425] ioctl(4, LOOP_CLR_FD) = 0 [pid 5425] close(4) = 0 [pid 5425] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5424] <... futex resumed>) = 0 [pid 5424] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5424] <... futex resumed>) = 1 [pid 5425] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5424] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] <... open resumed>) = 4 [pid 5425] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5425] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5424] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5424] <... futex resumed>) = 0 [pid 5424] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5425] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] <... futex resumed>) = 0 [pid 5424] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] <... futex resumed>) = 1 [pid 5424] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5425] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5425] sendfile(5, 6, NULL, 140737974943952 [pid 5424] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 85.643847][ T5425] loop0: detected capacity change from 0 to 1024 [ 85.654119][ T5425] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 85.664447][ T5425] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 85.676716][ T5425] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5424] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] <... sendfile resumed>) = 65536 [pid 5425] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5425] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5424] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5425] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5425] ftruncate(4, 31 [pid 5424] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] <... ftruncate resumed>) = 0 [pid 5425] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] <... futex resumed>) = 0 [pid 5425] <... futex resumed>) = 1 [pid 5424] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5424] <... futex resumed>) = 0 [pid 5424] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] <... open resumed>) = 7 [pid 5425] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] <... futex resumed>) = 0 [pid 5425] <... futex resumed>) = 1 [pid 5425] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5424] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] <... pwritev2 resumed>) = 20480 [pid 5425] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5424] exit_group(0 [pid 5425] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5424] <... exit_group resumed>) = ? [pid 5425] +++ exited with 0 +++ [pid 5424] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5424, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./172/binderfs") = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./172/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5426 ./strace-static-x86_64: Process 5426 attached [pid 5426] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5426] chdir("./173") = 0 [pid 5426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5426] setpgid(0, 0) = 0 [pid 5426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5426] write(3, "1000", 4) = 4 [pid 5426] close(3) = 0 [pid 5426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5426] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5426] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5426] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5427 attached [pid 5427] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5427] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] <... clone resumed>, parent_tid=[5427], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5427 [pid 5426] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] <... futex resumed>) = 0 [pid 5426] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5427] memfd_create("syzkaller", 0) = 3 [pid 5427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5427] munmap(0x7fa30fe43000, 524288) = 0 [pid 5427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5427] close(3) = 0 [pid 5427] mkdir("./file0", 0777) = 0 [pid 5427] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5427] chdir("./file0") = 0 [pid 5427] ioctl(4, LOOP_CLR_FD) = 0 [pid 5427] close(4) = 0 [pid 5427] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = 0 [pid 5427] <... futex resumed>) = 1 [pid 5426] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5426] <... futex resumed>) = 0 [pid 5427] <... open resumed>) = 4 [pid 5426] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] <... futex resumed>) = 0 [pid 5427] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5426] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] <... open resumed>) = 5 [pid 5427] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] <... futex resumed>) = 0 [pid 5427] openat(-1, "/proc/self/exe", O_RDONLY [pid 5426] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] <... openat resumed>) = 6 [pid 5426] <... futex resumed>) = 0 [pid 5427] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] <... futex resumed>) = 0 [pid 5426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5427] sendfile(5, 6, NULL, 140737974943952 [pid 5426] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 85.840915][ T5427] loop0: detected capacity change from 0 to 1024 [ 85.850940][ T5427] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 85.861452][ T5427] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 85.873483][ T5427] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5426] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] <... sendfile resumed>) = 65536 [pid 5427] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5427] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] <... futex resumed>) = 1 [pid 5427] ftruncate(4, 31) = 0 [pid 5427] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] <... futex resumed>) = 1 [pid 5427] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5427] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5427] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] <... futex resumed>) = 0 [pid 5426] exit_group(0 [pid 5427] <... futex resumed>) = ? [pid 5426] <... exit_group resumed>) = ? [pid 5427] +++ exited with 0 +++ [pid 5426] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5426, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./173/binderfs") = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./173/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5428 ./strace-static-x86_64: Process 5428 attached [pid 5428] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5428] chdir("./174") = 0 [pid 5428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5428] setpgid(0, 0) = 0 [pid 5428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5428] write(3, "1000", 4) = 4 [pid 5428] close(3) = 0 [pid 5428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5428] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5428] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5428] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5429], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5429 ./strace-static-x86_64: Process 5429 attached [pid 5428] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] set_robust_list(0x7fa3182639e0, 24 [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5429] <... set_robust_list resumed>) = 0 [pid 5429] memfd_create("syzkaller", 0) = 3 [pid 5429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5429] munmap(0x7fa30fe43000, 524288) = 0 [pid 5429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5429] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5429] close(3) = 0 [pid 5429] mkdir("./file0", 0777) = 0 [pid 5429] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5429] chdir("./file0") = 0 [pid 5429] ioctl(4, LOOP_CLR_FD) = 0 [pid 5429] close(4) = 0 [pid 5429] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... futex resumed>) = 1 [pid 5429] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5429] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... futex resumed>) = 1 [pid 5429] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5429] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... futex resumed>) = 1 [pid 5429] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5429] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] <... futex resumed>) = 0 [pid 5429] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5428] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 86.010009][ T5429] loop0: detected capacity change from 0 to 1024 [ 86.019715][ T5429] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 86.030631][ T5429] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 86.043346][ T5429] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5429] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5429] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5429] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... futex resumed>) = 0 [pid 5429] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5429] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5429] <... futex resumed>) = 1 [pid 5429] ftruncate(4, 31 [pid 5428] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... ftruncate resumed>) = 0 [pid 5429] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... open resumed>) = 7 [pid 5429] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5429] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5429] <... futex resumed>) = 1 [pid 5428] exit_group(0) = ? [pid 5429] +++ exited with 0 +++ [pid 5428] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5428, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./174/binderfs") = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./174/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5430 ./strace-static-x86_64: Process 5430 attached [pid 5430] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5430] chdir("./175") = 0 [pid 5430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5430] setpgid(0, 0) = 0 [pid 5430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5430] write(3, "1000", 4) = 4 [pid 5430] close(3) = 0 [pid 5430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5430] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5430] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5430] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5431 attached , parent_tid=[5431], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5431 [pid 5430] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5431] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5431] memfd_create("syzkaller", 0) = 3 [pid 5431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5431] munmap(0x7fa30fe43000, 524288) = 0 [pid 5431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5431] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5431] close(3) = 0 [pid 5431] mkdir("./file0", 0777) = 0 [pid 5431] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5431] chdir("./file0") = 0 [pid 5431] ioctl(4, LOOP_CLR_FD) = 0 [pid 5431] close(4) = 0 [pid 5431] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... futex resumed>) = 0 [pid 5431] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5431] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5431] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5431] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5431] sendfile(5, 6, NULL, 140737974943952 [pid 5430] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 86.192282][ T5431] loop0: detected capacity change from 0 to 1024 [ 86.202132][ T5431] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 86.212868][ T5431] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 86.225156][ T5431] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5430] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... sendfile resumed>) = 65536 [pid 5431] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5431] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5430] <... futex resumed>) = 0 [pid 5431] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5430] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5431] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] ftruncate(4, 31 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... ftruncate resumed>) = 0 [pid 5431] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... open resumed>) = 7 [pid 5431] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5431] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5430] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... pwritev2 resumed>) = 20480 [pid 5431] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... futex resumed>) = 0 [pid 5431] <... futex resumed>) = 1 [pid 5430] exit_group(0) = ? [pid 5431] +++ exited with 0 +++ [pid 5430] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5430, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./175", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./175/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./175/binderfs") = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./175/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5432 ./strace-static-x86_64: Process 5432 attached [pid 5432] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5432] chdir("./176") = 0 [pid 5432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5432] setpgid(0, 0) = 0 [pid 5432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5432] write(3, "1000", 4) = 4 [pid 5432] close(3) = 0 [pid 5432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5432] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5432] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5432] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5433], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5433 [pid 5432] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5433 attached [pid 5432] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5433] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5433] memfd_create("syzkaller", 0) = 3 [pid 5433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5433] munmap(0x7fa30fe43000, 524288) = 0 [pid 5433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5433] close(3) = 0 [pid 5433] mkdir("./file0", 0777) = 0 [pid 5433] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5433] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5433] chdir("./file0") = 0 [pid 5433] ioctl(4, LOOP_CLR_FD) = 0 [pid 5433] close(4) = 0 [pid 5433] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] <... futex resumed>) = 0 [pid 5432] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5433] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] <... futex resumed>) = 0 [pid 5432] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5433] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = 0 [pid 5433] <... futex resumed>) = 1 [pid 5432] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5433] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] <... futex resumed>) = 0 [pid 5432] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 86.375714][ T5433] loop0: detected capacity change from 0 to 1024 [ 86.386067][ T5433] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 86.396614][ T5433] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 86.408385][ T5433] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5433] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5433] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = 0 [pid 5432] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] <... futex resumed>) = 1 [pid 5433] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5433] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] <... futex resumed>) = 0 [pid 5433] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5432] <... futex resumed>) = 0 [pid 5433] ftruncate(4, 31 [pid 5432] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] <... ftruncate resumed>) = 0 [pid 5433] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = 0 [pid 5433] <... futex resumed>) = 1 [pid 5432] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5432] <... futex resumed>) = 0 [pid 5432] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] <... open resumed>) = 7 [pid 5433] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] <... futex resumed>) = 0 [pid 5432] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5432] <... futex resumed>) = 0 [pid 5432] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] <... pwritev2 resumed>) = 20480 [pid 5433] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] <... futex resumed>) = 0 [pid 5433] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] exit_group(0) = ? [pid 5433] <... futex resumed>) = ? [pid 5433] +++ exited with 0 +++ [pid 5432] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5432, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./176", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./176/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./176/binderfs") = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./176/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5434 ./strace-static-x86_64: Process 5434 attached [pid 5434] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5434] chdir("./177") = 0 [pid 5434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5434] setpgid(0, 0) = 0 [pid 5434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5434] write(3, "1000", 4) = 4 [pid 5434] close(3) = 0 [pid 5434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5434] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5434] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5434] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5435], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5435 [pid 5434] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5435 attached [pid 5435] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5435] memfd_create("syzkaller", 0) = 3 [pid 5435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5435] munmap(0x7fa30fe43000, 524288) = 0 [pid 5435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5435] close(3) = 0 [pid 5435] mkdir("./file0", 0777) = 0 [pid 5435] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5435] chdir("./file0") = 0 [pid 5435] ioctl(4, LOOP_CLR_FD) = 0 [pid 5435] close(4) = 0 [pid 5435] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] <... futex resumed>) = 1 [pid 5435] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5435] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] <... futex resumed>) = 1 [pid 5435] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5435] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] <... futex resumed>) = 1 [pid 5435] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5435] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] <... futex resumed>) = 1 [ 86.558617][ T5435] loop0: detected capacity change from 0 to 1024 [ 86.568766][ T5435] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 86.579317][ T5435] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 86.591700][ T5435] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5435] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5435] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] <... futex resumed>) = 1 [pid 5435] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5435] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] ftruncate(4, 31) = 0 [pid 5435] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5435] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5435] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5434] <... futex resumed>) = 0 [pid 5434] exit_group(0) = ? [pid 5435] +++ exited with 0 +++ [pid 5434] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5434, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./177", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./177/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./177/binderfs") = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./177/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5436 ./strace-static-x86_64: Process 5436 attached [pid 5436] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5436] chdir("./178") = 0 [pid 5436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5436] setpgid(0, 0) = 0 [pid 5436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5436] write(3, "1000", 4) = 4 [pid 5436] close(3) = 0 [pid 5436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5436] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5436] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5436] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5437 attached [pid 5437] set_robust_list(0x7fa3182639e0, 24 [pid 5436] <... clone resumed>, parent_tid=[5437], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5437 [pid 5436] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5437] <... set_robust_list resumed>) = 0 [pid 5437] memfd_create("syzkaller", 0) = 3 [pid 5437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5437] munmap(0x7fa30fe43000, 524288) = 0 [pid 5437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5437] close(3) = 0 [pid 5437] mkdir("./file0", 0777) = 0 [pid 5437] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5437] chdir("./file0") = 0 [pid 5437] ioctl(4, LOOP_CLR_FD) = 0 [pid 5437] close(4) = 0 [pid 5437] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] <... futex resumed>) = 0 [pid 5437] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5437] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] <... futex resumed>) = 1 [pid 5437] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5437] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] <... futex resumed>) = 1 [pid 5436] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5437] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] <... futex resumed>) = 1 [ 86.744344][ T5437] loop0: detected capacity change from 0 to 1024 [ 86.754403][ T5437] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 86.764903][ T5437] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 86.776840][ T5437] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5437] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5437] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5437] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5437] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] ftruncate(4, 31) = 0 [pid 5437] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5437] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5437] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5436] exit_group(0) = ? [pid 5437] +++ exited with 0 +++ [pid 5436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5436, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./178", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./178/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./178/binderfs") = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./178/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5438 ./strace-static-x86_64: Process 5438 attached [pid 5438] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5438] chdir("./179") = 0 [pid 5438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5438] setpgid(0, 0) = 0 [pid 5438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5438] write(3, "1000", 4) = 4 [pid 5438] close(3) = 0 [pid 5438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5438] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5438] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5438] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5439], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5439 [pid 5438] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5439 attached [pid 5439] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5439] memfd_create("syzkaller", 0) = 3 [pid 5439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5439] munmap(0x7fa30fe43000, 524288) = 0 [pid 5439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5439] close(3) = 0 [pid 5439] mkdir("./file0", 0777) = 0 [pid 5439] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5439] chdir("./file0") = 0 [pid 5439] ioctl(4, LOOP_CLR_FD) = 0 [pid 5439] close(4) = 0 [pid 5439] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = 0 [pid 5438] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... futex resumed>) = 1 [pid 5439] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5439] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = 0 [pid 5438] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... futex resumed>) = 1 [pid 5439] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5439] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = 0 [pid 5438] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5438] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5439] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5439] sendfile(5, 6, NULL, 140737974943952 [pid 5438] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 86.937198][ T5439] loop0: detected capacity change from 0 to 1024 [ 86.947034][ T5439] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 86.957669][ T5439] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 86.969125][ T5439] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5438] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... sendfile resumed>) = 65536 [pid 5439] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = 0 [pid 5438] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5439] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5438] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5439] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5439] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] <... futex resumed>) = 0 [pid 5439] ftruncate(4, 31 [pid 5438] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... ftruncate resumed>) = 0 [pid 5439] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5439] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] <... futex resumed>) = 0 [pid 5439] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5438] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... open resumed>) = 7 [pid 5439] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5439] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5438] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... pwritev2 resumed>) = 20480 [pid 5439] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = 0 [pid 5439] <... futex resumed>) = 1 [pid 5439] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] exit_group(0 [pid 5439] <... futex resumed>) = ? [pid 5438] <... exit_group resumed>) = ? [pid 5439] +++ exited with 0 +++ [pid 5438] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5438, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./179", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./179/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./179/binderfs") = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./179/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5440 ./strace-static-x86_64: Process 5440 attached [pid 5440] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5440] chdir("./180") = 0 [pid 5440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5440] setpgid(0, 0) = 0 [pid 5440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5440] write(3, "1000", 4) = 4 [pid 5440] close(3) = 0 [pid 5440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5440] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5440] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5440] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5441], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5441 [pid 5440] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5441 attached [pid 5441] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5441] memfd_create("syzkaller", 0) = 3 [pid 5441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5441] munmap(0x7fa30fe43000, 524288) = 0 [pid 5441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5441] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5441] close(3) = 0 [pid 5441] mkdir("./file0", 0777) = 0 [pid 5441] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5441] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5441] chdir("./file0") = 0 [pid 5441] ioctl(4, LOOP_CLR_FD) = 0 [pid 5441] close(4) = 0 [pid 5441] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... futex resumed>) = 1 [pid 5441] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5441] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... futex resumed>) = 1 [pid 5441] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5441] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... futex resumed>) = 1 [pid 5441] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5441] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... futex resumed>) = 1 [ 87.118223][ T5441] loop0: detected capacity change from 0 to 1024 [ 87.128343][ T5441] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 87.138565][ T5441] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 87.150033][ T5441] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5441] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5441] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... futex resumed>) = 1 [pid 5441] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5441] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] ftruncate(4, 31) = 0 [pid 5441] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5441] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5441] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5440] <... futex resumed>) = 0 [pid 5440] exit_group(0) = ? [pid 5441] +++ exited with 0 +++ [pid 5440] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5440, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./180", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./180/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./180/binderfs") = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./180/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5442 attached , child_tidptr=0x55555702f5d0) = 5442 [pid 5442] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5442] chdir("./181") = 0 [pid 5442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5442] setpgid(0, 0) = 0 [pid 5442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5442] write(3, "1000", 4) = 4 [pid 5442] close(3) = 0 [pid 5442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5442] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5442] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5442] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5443 attached , parent_tid=[5443], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5443 [pid 5443] set_robust_list(0x7fa3182639e0, 24 [pid 5442] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... set_robust_list resumed>) = 0 [pid 5442] <... futex resumed>) = 0 [pid 5442] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5443] memfd_create("syzkaller", 0) = 3 [pid 5443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5443] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5443] munmap(0x7fa30fe43000, 524288) = 0 [pid 5443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5443] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5443] close(3) = 0 [pid 5443] mkdir("./file0", 0777) = 0 [pid 5443] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5443] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5443] chdir("./file0") = 0 [pid 5443] ioctl(4, LOOP_CLR_FD) = 0 [pid 5443] close(4) = 0 [pid 5443] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5442] <... futex resumed>) = 0 [pid 5442] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... futex resumed>) = 0 [pid 5443] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5443] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5442] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... futex resumed>) = 1 [pid 5443] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5443] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] <... futex resumed>) = 0 [pid 5442] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5443] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5442] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... futex resumed>) = 1 [ 87.297012][ T5443] loop0: detected capacity change from 0 to 1024 [ 87.306384][ T5443] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 87.316980][ T5443] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 87.328554][ T5443] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5443] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5443] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] <... futex resumed>) = 0 [pid 5442] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5443] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5442] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... futex resumed>) = 1 [pid 5443] ftruncate(4, 31) = 0 [pid 5443] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5442] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... futex resumed>) = 1 [pid 5443] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5443] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5442] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... futex resumed>) = 1 [pid 5443] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5443] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] <... futex resumed>) = 0 [pid 5442] exit_group(0) = ? [pid 5443] +++ exited with 0 +++ [pid 5442] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5442, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./181", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./181/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./181/binderfs") = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./181/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5444 ./strace-static-x86_64: Process 5444 attached [pid 5444] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5444] chdir("./182") = 0 [pid 5444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5444] setpgid(0, 0) = 0 [pid 5444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5444] write(3, "1000", 4) = 4 [pid 5444] close(3) = 0 [pid 5444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5444] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5444] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5444] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5445], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5445 [pid 5444] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5445 attached [pid 5445] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5445] memfd_create("syzkaller", 0) = 3 [pid 5445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5445] munmap(0x7fa30fe43000, 524288) = 0 [pid 5445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5445] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5445] close(3) = 0 [pid 5445] mkdir("./file0", 0777) = 0 [pid 5445] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5445] chdir("./file0") = 0 [pid 5445] ioctl(4, LOOP_CLR_FD) = 0 [pid 5445] close(4) = 0 [pid 5445] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] <... futex resumed>) = 1 [pid 5445] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5445] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] <... futex resumed>) = 1 [pid 5445] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5445] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] <... futex resumed>) = 1 [pid 5445] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5445] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] <... futex resumed>) = 1 [ 87.481830][ T5445] loop0: detected capacity change from 0 to 1024 [ 87.491519][ T5445] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 87.502097][ T5445] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 87.514658][ T5445] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5445] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5445] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5445] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] ftruncate(4, 31) = 0 [pid 5445] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5445] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5445] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5444] exit_group(0) = ? [pid 5445] +++ exited with 0 +++ [pid 5444] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5444, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./182", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./182/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./182/binderfs") = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./182/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5446 ./strace-static-x86_64: Process 5446 attached [pid 5446] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5446] chdir("./183") = 0 [pid 5446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5446] setpgid(0, 0) = 0 [pid 5446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5446] write(3, "1000", 4) = 4 [pid 5446] close(3) = 0 [pid 5446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5446] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5446] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5446] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5447 attached [pid 5447] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5446] <... clone resumed>, parent_tid=[5447], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5447 [pid 5447] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5446] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5447] memfd_create("syzkaller", 0) = 3 [pid 5447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5447] munmap(0x7fa30fe43000, 524288) = 0 [pid 5447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5447] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5447] close(3) = 0 [pid 5447] mkdir("./file0", 0777) = 0 [pid 5447] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5447] chdir("./file0") = 0 [pid 5447] ioctl(4, LOOP_CLR_FD) = 0 [pid 5447] close(4) = 0 [ 87.659642][ T5447] loop0: detected capacity change from 0 to 1024 [ 87.669536][ T5447] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 87.679918][ T5447] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 87.692373][ T5447] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5447] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... futex resumed>) = 0 [pid 5447] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5447] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... futex resumed>) = 0 [pid 5447] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5447] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... futex resumed>) = 1 [pid 5447] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5447] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... futex resumed>) = 1 [pid 5447] sendfile(5, 6, NULL, 140737974943952) = 65536 [pid 5447] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... futex resumed>) = 1 [pid 5447] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = -1 ENOSPC (No space left on device) [pid 5447] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [ 87.715420][ T27] kauditd_printk_skb: 71 callbacks suppressed [ 87.715432][ T27] audit: type=1800 audit(1672320187.495:551): pid=5447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 87.743007][ T27] audit: type=1800 audit(1672320187.495:552): pid=5447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5446] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... futex resumed>) = 1 [pid 5447] ftruncate(4, 31) = 0 [pid 5447] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... futex resumed>) = 1 [pid 5447] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5447] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... futex resumed>) = 1 [pid 5447] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0) = 20480 [pid 5447] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] exit_group(0) = ? [pid 5447] <... futex resumed>) = ? [pid 5447] +++ exited with 0 +++ [pid 5446] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5446, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./183", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557030620 /* 4 entries */, 32768) = 112 umount2("./183/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./183/binderfs") = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./183/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557038660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557038660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/file0") = 0 getdents64(3, 0x555557030620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702f5d0) = 5448 ./strace-static-x86_64: Process 5448 attached [pid 5448] set_robust_list(0x55555702f5e0, 24) = 0 [pid 5448] chdir("./184") = 0 [pid 5448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5448] setpgid(0, 0) = 0 [pid 5448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5448] write(3, "1000", 4) = 4 [pid 5448] close(3) = 0 [ 87.789663][ T27] audit: type=1800 audit(1672320187.565:553): pid=5447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [pid 5448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5448] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa318243000 [pid 5448] mprotect(0x7fa318244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5448] clone(child_stack=0x7fa3182633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5449 attached , parent_tid=[5449], tls=0x7fa318263700, child_tidptr=0x7fa3182639d0) = 5449 [pid 5448] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5449] set_robust_list(0x7fa3182639e0, 24) = 0 [pid 5449] memfd_create("syzkaller", 0) = 3 [pid 5449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa30fe43000 [pid 5449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5449] munmap(0x7fa30fe43000, 524288) = 0 [pid 5449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5449] close(3) = 0 [pid 5449] mkdir("./file0", 0777) = 0 [pid 5449] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_REC|MS_STRICTATIME|MS_LAZYTIME, "noadinicb,utf8,noadinicb,volume=18446744073709551614,iocharset=iso8859-14,") = 0 [pid 5449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5449] chdir("./file0") = 0 [pid 5449] ioctl(4, LOOP_CLR_FD) = 0 [pid 5449] close(4) = 0 [pid 5449] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... futex resumed>) = 1 [ 87.866826][ T5449] loop0: detected capacity change from 0 to 1024 [ 87.876300][ T5449] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b [ 87.886632][ T5449] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 87.899049][ T5449] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5449] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5449] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... futex resumed>) = 0 [pid 5449] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5449] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... futex resumed>) = 1 [pid 5449] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5449] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7fa31833d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7fa31833d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... futex resumed>) = 1 [pid 5449] sendfile(5, 6, NULL, 140737974943952 [pid 5448] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5448] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa30fea2000 [pid 5448] mprotect(0x7fa30fea3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5448] clone(child_stack=0x7fa30fec23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5450], tls=0x7fa30fec2700, child_tidptr=0x7fa30fec29d0) = 5450 ./strace-static-x86_64: Process 5450 attached [pid 5448] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] set_robust_list(0x7fa30fec29e0, 24) = 0 [pid 5450] pwritev2(4, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5448] <... futex resumed>) = 0 [ 87.914099][ T27] audit: type=1800 audit(1672320187.695:554): pid=5449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 87.936411][ T27] audit: type=1800 audit(1672320187.715:555): pid=5449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="bus" dev="loop0" ino=861 res=0 errno=0 [pid 5448] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... pwritev2 resumed>) = -1 ENOSPC (No space left on device) [pid 5450] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5450] futex(0x7fa31833d7f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... futex resumed>) = 0 [pid 5450] ftruncate(4, 31) = 0 [pid 5450] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... futex resumed>) = 1 [pid 5450] open("./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 7 [pid 5450] futex(0x7fa31833d7fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7fa31833d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7fa31833d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... futex resumed>) = 1 [pid 5450] pwritev2(7, [{iov_base="\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=397312}], 1, 0, 0 [pid 5449] <... sendfile resumed>) = 65536 [pid 5449] futex(0x7fa31833d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 88.006250][ T27] audit: type=1800 audit(1672320187.785:556): pid=5450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor164" name="file1" dev="loop0" ino=839 res=0 errno=0 [ 88.031106][ T5450] ------------[ cut here ]------------ [ 88.036827][ T5450] WARNING: CPU: 0 PID: 5450 at fs/udf/truncate.c:208 udf_truncate_extents+0xfd7/0x11c0 [ 88.046544][ T5450] Modules linked in: [pid 5449] futex(0x7fa31833d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 88.050430][ T5450] CPU: 0 PID: 5450 Comm: syz-executor164 Not tainted 6.2.0-rc1-syzkaller #0 [ 88.059133][ T5450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 88.069260][ T5450] RIP: 0010:udf_truncate_extents+0xfd7/0x11c0 [ 88.075391][ T5450] Code: 01 00 00 89 d8 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 8a 97 88 fe bb fb ff ff ff 4c 8b 6c 24 58 eb 89 e8 79 97 88 fe <0f> 0b eb 80 89 d9 80 e1 07 38 c1 0f 8c 68 f1 ff ff 48 89 df e8 10 [ 88.095142][ T5450] RSP: 0018:ffffc9000403f720 EFLAGS: 00010293 [ 88.101362][ T5450] RAX: ffffffff830343f7 RBX: 0000000000000000 RCX: ffff88802155d7c0 [ 88.109449][ T5450] RDX: 0000000000000000 RSI: 000000000000001f RDI: 0000000000000000 [ 88.117538][ T5450] RBP: ffffc9000403f920 R08: ffffffff83033844 R09: ffffffff8300e683 [ 88.125586][ T5450] R10: 0000000000000002 R11: ffff88802155d7c0 R12: 000000000000001f [ 88.133648][ T5450] R13: 1ffff92000807efc R14: 000000000000001f R15: ffff888072d907c0 [ 88.141643][ T5450] FS: 00007fa30fec2700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 88.150631][ T5450] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 88.157287][ T5450] CR2: 00007fa3182f8e10 CR3: 0000000079feb000 CR4: 00000000003506f0 [ 88.165472][ T5450] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 88.173522][ T5450] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 88.181514][ T5450] Call Trace: [ 88.184859][ T5450] [ 88.187804][ T5450] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 88.193882][ T5450] ? udf_write_failed+0x18f/0x1d0 [ 88.198945][ T5450] ? udf_discard_prealloc+0x820/0x820 [ 88.204403][ T5450] ? udf_write_failed+0x18f/0x1d0 [ 88.209444][ T5450] ? do_raw_spin_lock+0x147/0x3a0 [ 88.214540][ T5450] ? __lock_acquire+0x1f60/0x1f60 [ 88.219609][ T5450] ? do_raw_spin_unlock+0x134/0x8a0 [ 88.224912][ T5450] ? PageHeadHuge+0x8a/0x1d0 [ 88.229531][ T5450] udf_write_failed+0x197/0x1d0 [ 88.234476][ T5450] udf_write_begin+0x5c/0x60 [ 88.239091][ T5450] generic_perform_write+0x2e4/0x5e0 [ 88.244453][ T5450] ? aa_path_link+0x11d0/0x11d0 [ 88.249320][ T5450] ? generic_file_direct_write+0x610/0x610 [pid 5448] exit_group(0 [pid 5449] <... futex resumed>) = ? [pid 5448] <... exit_group resumed>) = ? [pid 5449] +++ exited with 0 +++ [ 88.255186][ T5450] ? __file_remove_privs+0x610/0x610 [ 88.260491][ T5450] ? up_write+0x19a/0x580 [ 88.264929][ T5450] ? __up_read+0x690/0x690 [ 88.269372][ T5450] __generic_file_write_iter+0x29b/0x400 [ 88.275108][ T5450] udf_file_write_iter+0x325/0x5f0 [ 88.280242][ T5450] do_iter_write+0x6c2/0xc20 [ 88.284897][ T5450] ? vfs_iter_write+0xa0/0xa0 [ 88.289586][ T5450] ? rcu_read_lock_any_held+0xb1/0x130 [ 88.295124][ T5450] do_pwritev+0x200/0x350 [ 88.299474][ T5450] ? do_preadv+0x330/0x330 [ 88.303961][ T5450] ? _raw_spin_unlock_irq+0x1f/0x40 [ 88.309177][ T5450] ? lockdep_hardirqs_on+0x8d/0x130 [ 88.314431][ T5450] ? _raw_spin_unlock_irq+0x2a/0x40 [ 88.319644][ T5450] ? ptrace_notify+0x245/0x340 [ 88.324447][ T5450] ? do_notify_parent+0xe00/0xe00 [ 88.329492][ T5450] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 88.335549][ T5450] ? __x64_sys_pwritev2+0xb9/0x100 [ 88.340678][ T5450] do_syscall_64+0x3d/0xb0 [ 88.345147][ T5450] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 88.351053][ T5450] RIP: 0033:0x7fa3182b7739 [ 88.355569][ T5450] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 88.375284][ T5450] RSP: 002b:00007fa30fec22e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 88.383794][ T5450] RAX: ffffffffffffffda RBX: 00007fa31833d7f0 RCX: 00007fa3182b7739 [ 88.391788][ T5450] RDX: 0000000000000001 RSI: 0000000020000680 RDI: 0000000000000007 [ 88.399922][ T5450] RBP: 00007fa318309b10 R08: 0000000000000000 R09: 0000000000000000 [ 88.407939][ T5450] R10: 0000000000000000 R11: 0000000000000246 R12: 0031656c69662f2e [ 88.416005][ T5450] R13: 0030656c69662f2e R14: 65732f636f72702f R15: 00007fa31833d7f8 [ 88.424035][ T5450] [ 88.427059][ T5450] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 88.434356][ T5450] CPU: 0 PID: 5450 Comm: syz-executor164 Not tainted 6.2.0-rc1-syzkaller #0 [ 88.443035][ T5450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 88.453089][ T5450] Call Trace: [ 88.456368][ T5450] [ 88.459291][ T5450] dump_stack_lvl+0x1b1/0x290 [ 88.463963][ T5450] ? nf_tcp_handle_invalid+0x630/0x630 [ 88.469412][ T5450] ? panic+0x710/0x710 [ 88.473475][ T5450] ? vscnprintf+0x59/0x80 [ 88.477817][ T5450] ? udf_truncate_extents+0xee0/0x11c0 [ 88.483286][ T5450] panic+0x2d6/0x710 [ 88.487201][ T5450] ? __warn+0x16d/0x2d0 [ 88.491347][ T5450] ? memcpy_page_flushcache+0x100/0x100 [ 88.496892][ T5450] ? udf_truncate_extents+0xfd7/0x11c0 [ 88.502341][ T5450] __warn+0x284/0x2d0 [ 88.506313][ T5450] ? udf_truncate_extents+0xfd7/0x11c0 [ 88.511779][ T5450] report_bug+0x1b3/0x2d0 [ 88.516139][ T5450] handle_bug+0x3d/0x70 [ 88.520316][ T5450] exc_invalid_op+0x16/0x40 [ 88.524841][ T5450] asm_exc_invalid_op+0x16/0x20 [ 88.529683][ T5450] RIP: 0010:udf_truncate_extents+0xfd7/0x11c0 [ 88.535749][ T5450] Code: 01 00 00 89 d8 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 8a 97 88 fe bb fb ff ff ff 4c 8b 6c 24 58 eb 89 e8 79 97 88 fe <0f> 0b eb 80 89 d9 80 e1 07 38 c1 0f 8c 68 f1 ff ff 48 89 df e8 10 [ 88.555353][ T5450] RSP: 0018:ffffc9000403f720 EFLAGS: 00010293 [ 88.561420][ T5450] RAX: ffffffff830343f7 RBX: 0000000000000000 RCX: ffff88802155d7c0 [ 88.569390][ T5450] RDX: 0000000000000000 RSI: 000000000000001f RDI: 0000000000000000 [ 88.577371][ T5450] RBP: ffffc9000403f920 R08: ffffffff83033844 R09: ffffffff8300e683 [ 88.585354][ T5450] R10: 0000000000000002 R11: ffff88802155d7c0 R12: 000000000000001f [ 88.593345][ T5450] R13: 1ffff92000807efc R14: 000000000000001f R15: ffff888072d907c0 [ 88.601323][ T5450] ? udf_current_aext+0x363/0xa80 [ 88.606352][ T5450] ? udf_truncate_extents+0x424/0x11c0 [ 88.611811][ T5450] ? udf_truncate_extents+0xfd7/0x11c0 [ 88.617281][ T5450] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 88.623267][ T5450] ? udf_write_failed+0x18f/0x1d0 [ 88.628295][ T5450] ? udf_discard_prealloc+0x820/0x820 [ 88.633676][ T5450] ? udf_write_failed+0x18f/0x1d0 [ 88.638708][ T5450] ? do_raw_spin_lock+0x147/0x3a0 [ 88.643744][ T5450] ? __lock_acquire+0x1f60/0x1f60 [ 88.648782][ T5450] ? do_raw_spin_unlock+0x134/0x8a0 [ 88.653983][ T5450] ? PageHeadHuge+0x8a/0x1d0 [ 88.658575][ T5450] udf_write_failed+0x197/0x1d0 [ 88.663429][ T5450] udf_write_begin+0x5c/0x60 [ 88.668021][ T5450] generic_perform_write+0x2e4/0x5e0 [ 88.673321][ T5450] ? aa_path_link+0x11d0/0x11d0 [ 88.678201][ T5450] ? generic_file_direct_write+0x610/0x610 [ 88.684010][ T5450] ? __file_remove_privs+0x610/0x610 [ 88.689290][ T5450] ? up_write+0x19a/0x580 [ 88.693886][ T5450] ? __up_read+0x690/0x690 [ 88.698300][ T5450] __generic_file_write_iter+0x29b/0x400 [ 88.703945][ T5450] udf_file_write_iter+0x325/0x5f0 [ 88.709079][ T5450] do_iter_write+0x6c2/0xc20 [ 88.713687][ T5450] ? vfs_iter_write+0xa0/0xa0 [ 88.718361][ T5450] ? rcu_read_lock_any_held+0xb1/0x130 [ 88.723846][ T5450] do_pwritev+0x200/0x350 [ 88.728188][ T5450] ? do_preadv+0x330/0x330 [ 88.732607][ T5450] ? _raw_spin_unlock_irq+0x1f/0x40 [ 88.737806][ T5450] ? lockdep_hardirqs_on+0x8d/0x130 [ 88.743000][ T5450] ? _raw_spin_unlock_irq+0x2a/0x40 [ 88.748198][ T5450] ? ptrace_notify+0x245/0x340 [ 88.752966][ T5450] ? do_notify_parent+0xe00/0xe00 [ 88.758000][ T5450] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 88.763981][ T5450] ? __x64_sys_pwritev2+0xb9/0x100 [ 88.769099][ T5450] do_syscall_64+0x3d/0xb0 [ 88.773519][ T5450] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 88.779418][ T5450] RIP: 0033:0x7fa3182b7739 [ 88.783831][ T5450] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 88.803445][ T5450] RSP: 002b:00007fa30fec22e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 88.811862][ T5450] RAX: ffffffffffffffda RBX: 00007fa31833d7f0 RCX: 00007fa3182b7739 [ 88.819832][ T5450] RDX: 0000000000000001 RSI: 0000000020000680 RDI: 0000000000000007 [ 88.827801][ T5450] RBP: 00007fa318309b10 R08: 0000000000000000 R09: 0000000000000000 [ 88.835767][ T5450] R10: 0000000000000000 R11: 0000000000000246 R12: 0031656c69662f2e [ 88.843732][ T5450] R13: 0030656c69662f2e R14: 65732f636f72702f R15: 00007fa31833d7f8 [ 88.851714][ T5450] [ 88.854910][ T5450] Kernel Offset: disabled [ 88.859300][ T5450] Rebooting in 86400 seconds..