./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2647809032 <...> Warning: Permanently added '10.128.1.12' (ED25519) to the list of known hosts. execve("./syz-executor2647809032", ["./syz-executor2647809032"], 0x7ffe9ea49e60 /* 10 vars */) = 0 brk(NULL) = 0x55555c67f000 brk(0x55555c67fd40) = 0x55555c67fd40 arch_prctl(ARCH_SET_FS, 0x55555c67f3c0) = 0 set_tid_address(0x55555c67f690) = 5824 set_robust_list(0x55555c67f6a0, 24) = 0 rseq(0x55555c67fce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2647809032", 4096) = 28 getrandom("\x45\x09\x9d\x83\xa6\x55\xee\x72", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555c67fd40 brk(0x55555c6a0d40) = 0x55555c6a0d40 brk(0x55555c6a1000) = 0x55555c6a1000 mprotect(0x7f8a95f1e000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.6KXWFE", 0700) = 0 chmod("./syzkaller.6KXWFE", 0777) = 0 chdir("./syzkaller.6KXWFE") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5825 attached [pid 5825] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5825 [pid 5825] chdir("./0") = 0 [pid 5825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5825] setpgid(0, 0) = 0 [pid 5825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5825] write(3, "1000", 4) = 4 [pid 5825] close(3) = 0 [pid 5825] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5825] write(1, "executing program\n", 18) = 18 [pid 5825] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5825] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5825] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5826 attached [pid 5826] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5825] <... clone3 resumed> => {parent_tid=[5826]}, 88) = 5826 [pid 5826] set_robust_list(0x7f8a95e509a0, 24 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5826] <... set_robust_list resumed>) = 0 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5826] rt_sigprocmask(SIG_SETMASK, [], [pid 5825] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5825] <... futex resumed>) = 0 [pid 5826] memfd_create("syzkaller", 0 [pid 5825] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5826] <... memfd_create resumed>) = 3 [pid 5826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5826] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5826] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5826] close(3) = 0 [pid 5826] close(4) = 0 [pid 5826] mkdir("./file2", 0777) = 0 [pid 5826] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5826] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5826] chdir("./file2") = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 112.627564][ T5826] loop0: detected capacity change from 0 to 256 [pid 5826] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] <... futex resumed>) = 0 [pid 5826] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] <... openat resumed>) = 4 [pid 5826] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] <... futex resumed>) = 1 [ 112.697383][ T5826] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5826] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5825] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5825] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5825] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5827 attached [pid 5827] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5827] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5825] <... clone3 resumed> => {parent_tid=[5827]}, 88) = 5827 [pid 5827] <... set_robust_list resumed>) = 0 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5827] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] <... futex resumed>) = 0 [pid 5827] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5825] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5825] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 5825] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5828 attached [pid 5828] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 5825] <... clone3 resumed> => {parent_tid=[5828]}, 88) = 5828 [pid 5828] <... rseq resumed>) = 0 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5828] set_robust_list(0x7f8a95e0e9a0, 24 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5828] <... set_robust_list resumed>) = 0 [pid 5828] rt_sigprocmask(SIG_SETMASK, [], [pid 5825] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5828] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5825] <... futex resumed>) = 0 [pid 5828] <... pwritev2 resumed>) = -1 EBADF (Bad file descriptor) [pid 5825] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5828] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5828] <... futex resumed>) = 0 [pid 5828] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5827] <... openat resumed>) = 5 [pid 5826] <... ioctl resumed>) = 0 [pid 5827] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] exit_group(0 [pid 5827] <... futex resumed>) = 0 [pid 5826] <... futex resumed>) = 0 [pid 5826] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5828] <... futex resumed>) = ? [pid 5825] <... exit_group resumed>) = ? [pid 5826] +++ exited with 0 +++ [pid 5827] +++ exited with 0 +++ [pid 5828] +++ exited with 0 +++ [pid 5825] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5825, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 112.930081][ T37] audit: type=1800 audit(1753855582.770:2): pid=5827 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=3 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached [pid 5829] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5829 [pid 5829] chdir("./1") = 0 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5829] setpgid(0, 0) = 0 [pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5829] write(3, "1000", 4) = 4 [pid 5829] close(3) = 0 [pid 5829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5829] write(1, "executing program\n", 18executing program ) = 18 [pid 5829] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5829] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5829] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5830 attached [pid 5830] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5829] <... clone3 resumed> => {parent_tid=[5830]}, 88) = 5830 [pid 5830] set_robust_list(0x7f8a95e509a0, 24 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... set_robust_list resumed>) = 0 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] <... futex resumed>) = 0 [pid 5830] memfd_create("syzkaller", 0 [pid 5829] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] <... memfd_create resumed>) = 3 [pid 5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5830] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5830] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5830] close(3) = 0 [pid 5830] close(4) = 0 [pid 5830] mkdir("./file2", 0777) = 0 [pid 5830] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5830] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5830] chdir("./file2") = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5830] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = 0 [pid 5830] <... futex resumed>) = 1 [pid 5829] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... openat resumed>) = 4 [ 113.463245][ T5830] loop0: detected capacity change from 0 to 256 [pid 5830] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5829] <... futex resumed>) = 0 [ 113.512366][ T5830] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5829] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5829] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5829] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5831 attached [pid 5831] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5829] <... clone3 resumed> => {parent_tid=[5831]}, 88) = 5831 [pid 5831] <... rseq resumed>) = 0 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5829] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5829] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] <... openat resumed>) = 5 [pid 5830] <... ioctl resumed>) = 0 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... mmap resumed>) = 0x7f8a95dee000 [pid 5831] <... futex resumed>) = 0 [pid 5831] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 5830] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... mprotect resumed>) = 0 [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] <... futex resumed>) = 0 [pid 5829] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5832 attached [pid 5832] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 5832] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 5829] <... clone3 resumed> => {parent_tid=[5832]}, 88) = 5832 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5832] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = 0 [pid 5832] <... futex resumed>) = 1 [pid 5829] exit_group(0 [pid 5832] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5831] <... futex resumed>) = ? [pid 5830] <... futex resumed>) = ? [pid 5829] <... exit_group resumed>) = ? [pid 5832] +++ exited with 0 +++ [pid 5830] +++ exited with 0 +++ [pid 5831] +++ exited with 0 +++ [pid 5829] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5829, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 113.707057][ T37] audit: type=1800 audit(1753855583.550:3): pid=5831 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=5 res=0 errno=0 openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 5833 ./strace-static-x86_64: Process 5833 attached [pid 5833] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5833] chdir("./2") = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] setpgid(0, 0) = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1000", 4) = 4 [pid 5833] close(3) = 0 [pid 5833] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5833] write(1, "executing program\n", 18executing program ) = 18 [pid 5833] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5833] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5833] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5833] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5833] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5834 attached [pid 5834] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5833] <... clone3 resumed> => {parent_tid=[5834]}, 88) = 5834 [pid 5834] <... rseq resumed>) = 0 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... futex resumed>) = 0 [pid 5834] memfd_create("syzkaller", 0 [pid 5833] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] <... memfd_create resumed>) = 3 [pid 5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5834] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5834] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5834] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5834] close(3) = 0 [pid 5834] close(4) = 0 [pid 5834] mkdir("./file2", 0777) = 0 [pid 5834] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5834] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5834] chdir("./file2") = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5834] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5833] <... futex resumed>) = 0 [pid 5834] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] <... futex resumed>) = 0 [pid 5833] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 114.224558][ T5834] loop0: detected capacity change from 0 to 256 [pid 5834] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5834] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5833] <... futex resumed>) = 0 [pid 5834] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] <... futex resumed>) = 0 [pid 5834] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5833] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 114.277305][ T5834] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5833] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5833] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5833] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5833] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5835 attached => {parent_tid=[5835]}, 88) = 5835 [pid 5835] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5835] <... rseq resumed>) = 0 [pid 5835] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] <... set_robust_list resumed>) = 0 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5833] <... futex resumed>) = 0 [pid 5833] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... ioctl resumed>) = 0 [pid 5834] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... openat resumed>) = 5 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5835] <... futex resumed>) = 0 [pid 5833] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = 0 [pid 5833] <... futex resumed>) = 1 [pid 5834] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5833] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5834] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5833] <... futex resumed>) = 0 [pid 5834] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] exit_group(0 [pid 5835] <... futex resumed>) = ? [pid 5834] <... futex resumed>) = ? [pid 5835] +++ exited with 0 +++ [pid 5834] +++ exited with 0 +++ [pid 5833] <... exit_group resumed>) = ? [pid 5833] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5833, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 114.446964][ T37] audit: type=1800 audit(1753855584.290:4): pid=5835 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=7 res=0 errno=0 newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5836 attached , child_tidptr=0x55555c67f690) = 5836 [pid 5836] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5836] chdir("./3") = 0 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5836] setpgid(0, 0) = 0 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5836] write(3, "1000", 4) = 4 [pid 5836] close(3) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5836] write(1, "executing program\n", 18executing program ) = 18 [pid 5836] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5836] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5836] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5837 attached [pid 5837] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5836] <... clone3 resumed> => {parent_tid=[5837]}, 88) = 5837 [pid 5837] set_robust_list(0x7f8a95e509a0, 24 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5837] <... set_robust_list resumed>) = 0 [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] rt_sigprocmask(SIG_SETMASK, [], [pid 5836] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5836] <... futex resumed>) = 0 [pid 5837] memfd_create("syzkaller", 0 [pid 5836] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5837] <... memfd_create resumed>) = 3 [pid 5837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5837] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5837] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5837] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5837] close(3) = 0 [pid 5837] close(4) = 0 [pid 5837] mkdir("./file2", 0777) = 0 [pid 5837] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5837] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5837] chdir("./file2") = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5837] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5837] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] <... futex resumed>) = 0 [pid 5837] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 114.882755][ T5837] loop0: detected capacity change from 0 to 256 [pid 5836] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] <... openat resumed>) = 4 [pid 5837] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5837] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5837] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5836] <... futex resumed>) = 0 [ 114.918642][ T5837] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5836] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5836] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5836] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5838 attached [pid 5838] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5836] <... clone3 resumed> => {parent_tid=[5838]}, 88) = 5838 [pid 5838] <... rseq resumed>) = 0 [pid 5838] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] <... set_robust_list resumed>) = 0 [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5836] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5836] <... futex resumed>) = 0 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5836] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5836] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5836] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 5836] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5839 attached [pid 5839] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 5839] set_robust_list(0x7f8a95e0e9a0, 24 [pid 5836] <... clone3 resumed> => {parent_tid=[5839]}, 88) = 5839 [pid 5839] <... set_robust_list resumed>) = 0 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5836] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5836] <... futex resumed>) = 0 [pid 5839] <... pwritev2 resumed>) = -1 EBADF (Bad file descriptor) [pid 5836] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] <... futex resumed>) = 0 [pid 5839] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] <... openat resumed>) = 5 [pid 5837] <... ioctl resumed>) = 0 [pid 5838] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5837] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] exit_group(0 [pid 5837] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] <... futex resumed>) = ? [pid 5837] <... futex resumed>) = ? [pid 5839] +++ exited with 0 +++ [pid 5837] +++ exited with 0 +++ [pid 5836] <... exit_group resumed>) = ? [pid 5838] <... futex resumed>) = ? [pid 5838] +++ exited with 0 +++ [pid 5836] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 115.106446][ T37] audit: type=1800 audit(1753855584.950:5): pid=5838 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=9 res=0 errno=0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5840 attached [pid 5840] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5840] chdir("./4") = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5840 [pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] setpgid(0, 0) = 0 [pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5840] write(3, "1000", 4) = 4 [pid 5840] close(3) = 0 [pid 5840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5840] write(1, "executing program\n", 18executing program ) = 18 [pid 5840] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5840] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5840] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5840] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5841 attached [pid 5841] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5840] <... clone3 resumed> => {parent_tid=[5841]}, 88) = 5841 [pid 5841] <... rseq resumed>) = 0 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 5840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], [pid 5840] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] memfd_create("syzkaller", 0) = 3 [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... futex resumed>) = 0 [pid 5841] <... mmap resumed>) = 0x7f8a8da30000 [pid 5840] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5841] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5841] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5841] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5841] close(3) = 0 [pid 5841] close(4) = 0 [pid 5841] mkdir("./file2", 0777) = 0 [pid 5841] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5841] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5841] chdir("./file2") = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5841] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5841] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] <... futex resumed>) = 0 [pid 5840] <... futex resumed>) = 1 [pid 5841] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5840] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] <... openat resumed>) = 4 [pid 5841] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 115.548501][ T5841] loop0: detected capacity change from 0 to 256 [pid 5840] <... futex resumed>) = 0 [pid 5841] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5840] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5840] <... futex resumed>) = 0 [ 115.586718][ T5841] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5840] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5840] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5840] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5840] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5842 attached [pid 5842] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5840] <... clone3 resumed> => {parent_tid=[5842]}, 88) = 5842 [pid 5842] <... rseq resumed>) = 0 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] <... set_robust_list resumed>) = 0 [pid 5840] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5840] <... futex resumed>) = 0 [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5840] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5840] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5840] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 5840] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5840] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5843 attached => {parent_tid=[5843]}, 88) = 5843 [pid 5843] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 5843] set_robust_list(0x7f8a95e0e9a0, 24 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] <... set_robust_list resumed>) = 0 [pid 5840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5840] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5840] <... futex resumed>) = 0 [pid 5843] <... pwritev2 resumed>) = -1 EBADF (Bad file descriptor) [pid 5843] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5841] <... ioctl resumed>) = 0 [pid 5841] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] <... openat resumed>) = 5 [pid 5841] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] exit_group(0 [pid 5843] <... futex resumed>) = ? [pid 5841] <... futex resumed>) = ? [pid 5840] <... exit_group resumed>) = ? [pid 5842] +++ exited with 0 +++ [pid 5841] +++ exited with 0 +++ [pid 5843] +++ exited with 0 +++ [pid 5840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 115.768113][ T37] audit: type=1800 audit(1753855585.610:6): pid=5842 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=11 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached , child_tidptr=0x55555c67f690) = 5844 [pid 5844] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5844] chdir("./5") = 0 [pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5844] setpgid(0, 0) = 0 [pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5844] write(3, "1000", 4) = 4 [pid 5844] close(3) = 0 [pid 5844] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5844] write(1, "executing program\n", 18) = 18 [pid 5844] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5844] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5844] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5844] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5845 attached [pid 5845] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5844] <... clone3 resumed> => {parent_tid=[5845]}, 88) = 5845 [pid 5845] set_robust_list(0x7f8a95e509a0, 24 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], [pid 5845] <... set_robust_list resumed>) = 0 [pid 5845] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] <... futex resumed>) = 0 [pid 5844] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5845] memfd_create("syzkaller", 0) = 3 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5845] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5845] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5845] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5845] close(3) = 0 [pid 5845] close(4) = 0 [pid 5845] mkdir("./file2", 0777) = 0 [pid 5845] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5845] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5845] chdir("./file2") = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5845] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5845] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] <... futex resumed>) = 0 [pid 5845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5844] <... futex resumed>) = 0 [ 116.346066][ T5845] loop0: detected capacity change from 0 to 256 [ 116.382169][ T5845] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5844] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] <... openat resumed>) = 4 [pid 5845] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5845] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] <... futex resumed>) = 0 [pid 5845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5844] <... futex resumed>) = 0 [pid 5844] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5844] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5844] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5844] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5846 attached [pid 5846] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5846] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5844] <... clone3 resumed> => {parent_tid=[5846]}, 88) = 5846 [pid 5846] <... set_robust_list resumed>) = 0 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], [pid 5846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5846] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] <... futex resumed>) = 0 [pid 5846] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5844] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5844] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] <... openat resumed>) = 5 [pid 5845] <... ioctl resumed>) = 0 [pid 5844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5845] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... mmap resumed>) = 0x7f8a95dee000 [pid 5846] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... futex resumed>) = 0 [pid 5846] <... futex resumed>) = 0 [pid 5845] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 5846] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] <... mprotect resumed>) = 0 [pid 5844] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5847 attached => {parent_tid=[5847]}, 88) = 5847 [pid 5847] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5847] <... rseq resumed>) = 0 [pid 5844] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] set_robust_list(0x7f8a95e0e9a0, 24 [pid 5844] <... futex resumed>) = 0 [pid 5847] <... set_robust_list resumed>) = 0 [pid 5844] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5847] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5847] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5847] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] exit_group(0 [pid 5845] <... futex resumed>) = ? [pid 5844] <... exit_group resumed>) = ? [pid 5845] +++ exited with 0 +++ [pid 5847] <... futex resumed>) = ? [pid 5846] <... futex resumed>) = ? [pid 5847] +++ exited with 0 +++ [pid 5846] +++ exited with 0 +++ [pid 5844] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5844, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 116.606561][ T37] audit: type=1800 audit(1753855586.450:7): pid=5846 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=13 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5848 attached , child_tidptr=0x55555c67f690) = 5848 [pid 5848] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5848] chdir("./6") = 0 [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] setpgid(0, 0) = 0 [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "1000", 4) = 4 [pid 5848] close(3) = 0 [pid 5848] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5848] write(1, "executing program\n", 18) = 18 [pid 5848] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5848] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5848] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5848] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5849 attached [pid 5849] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5848] <... clone3 resumed> => {parent_tid=[5849]}, 88) = 5849 [pid 5849] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 5848] rt_sigprocmask(SIG_SETMASK, [], [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5848] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5848] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5849] memfd_create("syzkaller", 0) = 3 [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5849] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5849] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5849] close(3) = 0 [pid 5849] close(4) = 0 [pid 5849] mkdir("./file2", 0777) = 0 [pid 5849] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5849] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5849] chdir("./file2") = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5849] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] <... futex resumed>) = 0 [pid 5849] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5848] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] <... futex resumed>) = 0 [ 117.172838][ T5849] loop0: detected capacity change from 0 to 256 [pid 5848] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5849] <... openat resumed>) = 4 [pid 5849] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = 0 [pid 5849] <... futex resumed>) = 1 [pid 5848] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5848] <... futex resumed>) = 0 [ 117.217885][ T5849] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5848] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5848] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5848] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5850 attached [pid 5850] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5848] <... clone3 resumed> => {parent_tid=[5850]}, 88) = 5850 [pid 5850] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5848] rt_sigprocmask(SIG_SETMASK, [], [pid 5850] <... set_robust_list resumed>) = 0 [pid 5848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5850] rt_sigprocmask(SIG_SETMASK, [], [pid 5848] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5848] <... futex resumed>) = 0 [pid 5850] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5848] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5849] <... ioctl resumed>) = 0 [pid 5850] <... openat resumed>) = 5 [pid 5850] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = 0 [pid 5849] <... futex resumed>) = 0 [pid 5848] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5848] <... futex resumed>) = 0 [pid 5849] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5848] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5849] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] <... futex resumed>) = 0 [pid 5848] exit_group(0 [pid 5849] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5848] <... exit_group resumed>) = ? [pid 5849] <... futex resumed>) = ? [pid 5849] +++ exited with 0 +++ [pid 5850] +++ exited with 0 +++ [pid 5848] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5848, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 117.386894][ T37] audit: type=1800 audit(1753855587.230:8): pid=5850 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=15 res=0 errno=0 openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached [pid 5851] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5851] chdir("./7") = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5851 [pid 5851] <... setpgid resumed>) = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 5851] write(3, "1000", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5851] write(1, "executing program\n", 18) = 18 [pid 5851] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5851] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5851] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5851] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5852 attached [pid 5852] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5851] <... clone3 resumed> => {parent_tid=[5852]}, 88) = 5852 [pid 5852] <... rseq resumed>) = 0 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] set_robust_list(0x7f8a95e509a0, 24 [pid 5851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] <... set_robust_list resumed>) = 0 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5851] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5852] memfd_create("syzkaller", 0) = 3 [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5852] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5852] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5852] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5852] close(3) = 0 [pid 5852] close(4) = 0 [pid 5852] mkdir("./file2", 0777) = 0 [pid 5852] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5852] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5852] chdir("./file2") = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5852] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 117.889696][ T5852] loop0: detected capacity change from 0 to 256 [pid 5851] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5852] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5851] <... futex resumed>) = 1 [pid 5852] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 117.940735][ T5852] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5851] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5851] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5851] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5851] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5853 attached [pid 5853] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5853] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5851] <... clone3 resumed> => {parent_tid=[5853]}, 88) = 5853 [pid 5853] <... set_robust_list resumed>) = 0 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5851] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... openat resumed>) = 5 [pid 5852] <... ioctl resumed>) = 0 [pid 5852] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5853] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5853] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5851] <... futex resumed>) = 1 [pid 5852] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5851] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] exit_group(0 [pid 5853] <... futex resumed>) = ? [pid 5852] <... futex resumed>) = ? [pid 5851] <... exit_group resumed>) = ? [pid 5853] +++ exited with 0 +++ [pid 5852] +++ exited with 0 +++ [pid 5851] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5851, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 118.117021][ T37] audit: type=1800 audit(1753855587.960:9): pid=5853 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=17 res=0 errno=0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 5854 ./strace-static-x86_64: Process 5854 attached [pid 5854] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5854] chdir("./8") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5854] write(1, "executing program\n", 18executing program ) = 18 [pid 5854] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5854] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5854] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5855 attached [pid 5855] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5855] set_robust_list(0x7f8a95e509a0, 24 [pid 5854] <... clone3 resumed> => {parent_tid=[5855]}, 88) = 5855 [pid 5855] <... set_robust_list resumed>) = 0 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5855] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] memfd_create("syzkaller", 0 [pid 5854] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5855] <... memfd_create resumed>) = 3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5855] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5855] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5855] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5855] close(3) = 0 [pid 5855] close(4) = 0 [pid 5855] mkdir("./file2", 0777) = 0 [pid 5855] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5855] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5855] chdir("./file2") = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5855] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... futex resumed>) = 1 [pid 5855] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 118.611037][ T5855] loop0: detected capacity change from 0 to 256 [pid 5855] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5855] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5854] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 118.648579][ T5855] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5854] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5854] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5854] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5856 attached [pid 5856] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5854] <... clone3 resumed> => {parent_tid=[5856]}, 88) = 5856 [pid 5856] <... rseq resumed>) = 0 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5856] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5856] <... set_robust_list resumed>) = 0 [pid 5854] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] <... futex resumed>) = 0 [pid 5856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5854] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5854] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 5854] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5856] <... openat resumed>) = 5 [pid 5855] <... ioctl resumed>) = 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5856] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0} [pid 5856] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 0 [pid 5856] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] <... clone3 resumed> => {parent_tid=[5857]}, 88) = 5857 ./strace-static-x86_64: Process 5857 attached [pid 5855] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5854] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 5857] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 5857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5857] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5857] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5857] <... futex resumed>) = 1 [pid 5854] exit_group(0 [pid 5857] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5856] <... futex resumed>) = ? [pid 5855] <... futex resumed>) = ? [pid 5857] +++ exited with 0 +++ [pid 5856] +++ exited with 0 +++ [pid 5854] <... exit_group resumed>) = ? [pid 5855] +++ exited with 0 +++ [pid 5854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 118.846495][ T37] audit: type=1800 audit(1753855588.690:10): pid=5856 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=19 res=0 errno=0 umount2("./8/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5858 attached , child_tidptr=0x55555c67f690) = 5858 [pid 5858] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5858] chdir("./9") = 0 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5858] setpgid(0, 0) = 0 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "1000", 4) = 4 [pid 5858] close(3) = 0 [pid 5858] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5858] write(1, "executing program\n", 18) = 18 [pid 5858] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5858] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5858] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5859 attached [pid 5859] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5859] set_robust_list(0x7f8a95e509a0, 24 [pid 5858] <... clone3 resumed> => {parent_tid=[5859]}, 88) = 5859 [pid 5859] <... set_robust_list resumed>) = 0 [pid 5858] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5859] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] memfd_create("syzkaller", 0 [pid 5858] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5859] <... memfd_create resumed>) = 3 [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5859] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5859] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5859] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5859] close(3) = 0 [pid 5859] close(4) = 0 [pid 5859] mkdir("./file2", 0777) = 0 [pid 5859] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5859] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5859] chdir("./file2") = 0 [ 119.323640][ T5859] loop0: detected capacity change from 0 to 256 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5859] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5858] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5858] <... futex resumed>) = 0 [pid 5859] <... openat resumed>) = 4 [pid 5858] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] <... futex resumed>) = 0 [pid 5858] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 119.370052][ T5859] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5858] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5858] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5858] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5860 attached => {parent_tid=[5860]}, 88) = 5860 [pid 5860] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5858] rt_sigprocmask(SIG_SETMASK, [], [pid 5860] <... rseq resumed>) = 0 [pid 5858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5858] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] rt_sigprocmask(SIG_SETMASK, [], [pid 5858] <... futex resumed>) = 0 [pid 5860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5858] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5860] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5859] <... ioctl resumed>) = 0 [pid 5859] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... openat resumed>) = 5 [pid 5860] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = 0 [pid 5859] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] <... futex resumed>) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5860] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... futex resumed>) = 0 [pid 5859] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5859] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = 0 [pid 5858] exit_group(0 [pid 5859] <... futex resumed>) = 1 [pid 5860] <... futex resumed>) = ? [pid 5858] <... exit_group resumed>) = ? [pid 5860] +++ exited with 0 +++ [pid 5859] +++ exited with 0 +++ [pid 5858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 119.536775][ T37] audit: type=1800 audit(1753855589.380:11): pid=5860 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=21 res=0 errno=0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5861 attached , child_tidptr=0x55555c67f690) = 5861 [pid 5861] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5861] chdir("./10") = 0 [pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5861] setpgid(0, 0) = 0 [pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5861] write(3, "1000", 4) = 4 [pid 5861] close(3) = 0 [pid 5861] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5861] write(1, "executing program\n", 18) = 18 [pid 5861] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5861] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5861] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5862 attached [pid 5862] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5861] <... clone3 resumed> => {parent_tid=[5862]}, 88) = 5862 [pid 5862] set_robust_list(0x7f8a95e509a0, 24 [pid 5861] rt_sigprocmask(SIG_SETMASK, [], [pid 5862] <... set_robust_list resumed>) = 0 [pid 5861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5862] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5861] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] memfd_create("syzkaller", 0 [pid 5861] <... futex resumed>) = 0 [pid 5862] <... memfd_create resumed>) = 3 [pid 5861] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5862] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5862] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5862] close(3) = 0 [pid 5862] close(4) = 0 [pid 5862] mkdir("./file2", 0777) = 0 [pid 5862] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5862] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 120.052297][ T5862] loop0: detected capacity change from 0 to 256 [pid 5862] chdir("./file2") = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5862] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 0 [pid 5862] <... futex resumed>) = 1 [pid 5861] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5861] <... futex resumed>) = 0 [pid 5861] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] <... openat resumed>) = 4 [pid 5862] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5862] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5861] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 120.093853][ T5862] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5861] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5861] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5861] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5863 attached [pid 5863] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5863] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5861] <... clone3 resumed> => {parent_tid=[5863]}, 88) = 5863 [pid 5863] <... set_robust_list resumed>) = 0 [pid 5861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5863] rt_sigprocmask(SIG_SETMASK, [], [pid 5861] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5863] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5861] <... futex resumed>) = 0 [pid 5861] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] <... ioctl resumed>) = 0 [pid 5862] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... openat resumed>) = 5 [pid 5862] <... futex resumed>) = 0 [pid 5862] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5863] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = 1 [pid 5861] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5862] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5861] exit_group(0) = ? [pid 5863] <... futex resumed>) = ? [pid 5862] <... futex resumed>) = ? [pid 5862] +++ exited with 0 +++ [pid 5863] +++ exited with 0 +++ [pid 5861] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 120.296831][ T37] audit: type=1800 audit(1753855590.140:12): pid=5863 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=23 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5864 attached [pid 5864] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5864 [pid 5864] chdir("./11") = 0 [pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5864] setpgid(0, 0) = 0 [pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "1000", 4) = 4 [pid 5864] close(3) = 0 [pid 5864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5864] write(1, "executing program\n", 18executing program ) = 18 [pid 5864] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5864] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5864] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5864] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5865 attached [pid 5865] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5865] set_robust_list(0x7f8a95e509a0, 24 [pid 5864] <... clone3 resumed> => {parent_tid=[5865]}, 88) = 5865 [pid 5865] <... set_robust_list resumed>) = 0 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], [pid 5865] rt_sigprocmask(SIG_SETMASK, [], [pid 5864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5865] memfd_create("syzkaller", 0 [pid 5864] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5865] <... memfd_create resumed>) = 3 [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5865] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5865] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5865] close(3) = 0 [pid 5865] close(4) = 0 [pid 5865] mkdir("./file2", 0777) = 0 [pid 5865] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5865] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5865] chdir("./file2") = 0 [ 120.872186][ T5865] loop0: detected capacity change from 0 to 256 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5865] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5864] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5864] <... futex resumed>) = 0 [pid 5864] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] <... openat resumed>) = 4 [pid 5865] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5865] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5864] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = 0 [pid 5864] <... futex resumed>) = 1 [pid 5865] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 120.921626][ T5865] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5864] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5864] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5864] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5864] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5866 attached [pid 5866] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5864] <... clone3 resumed> => {parent_tid=[5866]}, 88) = 5866 [pid 5866] <... rseq resumed>) = 0 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5866] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5864] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5864] <... futex resumed>) = 0 [pid 5866] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5864] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5864] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 5864] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 5866] <... openat resumed>) = 5 [pid 5865] <... ioctl resumed>) = 0 [pid 5865] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... mprotect resumed>) = 0 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5864] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5867 attached [pid 5867] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 5864] <... clone3 resumed> => {parent_tid=[5867]}, 88) = 5867 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5864] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... rseq resumed>) = 0 [pid 5867] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 5867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5867] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5867] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 1 [pid 5864] exit_group(0 [pid 5866] <... futex resumed>) = ? [pid 5865] <... futex resumed>) = ? [pid 5864] <... exit_group resumed>) = ? [pid 5866] +++ exited with 0 +++ [pid 5865] +++ exited with 0 +++ [pid 5867] +++ exited with 0 +++ [pid 5864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5864, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 121.096789][ T37] audit: type=1800 audit(1753855590.940:13): pid=5866 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=25 res=0 errno=0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5868 attached [pid 5868] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5868 [pid 5868] chdir("./12") = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] write(3, "1000", 4) = 4 [pid 5868] close(3) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5868] write(1, "executing program\n", 18) = 18 [pid 5868] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5868] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5869 attached [pid 5869] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5868] <... clone3 resumed> => {parent_tid=[5869]}, 88) = 5869 [pid 5869] <... rseq resumed>) = 0 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] set_robust_list(0x7f8a95e509a0, 24 [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... set_robust_list resumed>) = 0 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] memfd_create("syzkaller", 0 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] <... memfd_create resumed>) = 3 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5869] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5869] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5869] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5869] close(3) = 0 [pid 5869] close(4) = 0 [pid 5869] mkdir("./file2", 0777) = 0 [pid 5869] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5869] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5869] chdir("./file2") = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5869] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = 0 [pid 5869] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5868] <... futex resumed>) = 1 [pid 5868] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... openat resumed>) = 4 [pid 5869] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5869] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = 0 [pid 5868] <... futex resumed>) = 1 [pid 5868] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 121.649566][ T5869] loop0: detected capacity change from 0 to 256 [ 121.684277][ T5869] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5869] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5868] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5868] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5868] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5870 attached [pid 5870] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5870] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5868] <... clone3 resumed> => {parent_tid=[5870]}, 88) = 5870 [pid 5870] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5868] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 5868] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 5868] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5869] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 5 [pid 5869] <... futex resumed>) = 0 [pid 5868] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5869] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5871 attached [pid 5870] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 5868] <... clone3 resumed> => {parent_tid=[5871]}, 88) = 5871 [pid 5870] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] <... rseq resumed>) = 0 [pid 5871] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5871] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 0 [pid 5868] <... futex resumed>) = 1 [pid 5871] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5868] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... futex resumed>) = 0 [pid 5868] exit_group(0 [pid 5871] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... exit_group resumed>) = ? [pid 5871] <... futex resumed>) = ? [pid 5870] <... futex resumed>) = ? [pid 5869] <... futex resumed>) = ? [pid 5871] +++ exited with 0 +++ [pid 5870] +++ exited with 0 +++ [pid 5869] +++ exited with 0 +++ [pid 5868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 121.889349][ T37] audit: type=1800 audit(1753855591.730:14): pid=5870 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=27 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5872 attached , child_tidptr=0x55555c67f690) = 5872 [pid 5872] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5872] chdir("./13") = 0 [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] setpgid(0, 0) = 0 [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5872] write(3, "1000", 4) = 4 [pid 5872] close(3) = 0 [pid 5872] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5872] write(1, "executing program\n", 18) = 18 [pid 5872] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5872] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5872] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5873 attached [pid 5873] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5872] <... clone3 resumed> => {parent_tid=[5873]}, 88) = 5873 [pid 5873] set_robust_list(0x7f8a95e509a0, 24 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] <... set_robust_list resumed>) = 0 [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5872] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] memfd_create("syzkaller", 0 [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] <... memfd_create resumed>) = 3 [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5873] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5873] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5873] close(3) = 0 [pid 5873] close(4) = 0 [pid 5873] mkdir("./file2", 0777) = 0 [pid 5873] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5873] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5873] chdir("./file2") = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5873] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5873] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5873] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5872] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... openat resumed>) = 4 [pid 5873] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [ 122.463361][ T5873] loop0: detected capacity change from 0 to 256 [pid 5872] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 122.498085][ T5873] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5872] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5872] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5872] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5874 attached => {parent_tid=[5874]}, 88) = 5874 [pid 5874] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5874] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5874] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5874] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5872] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 5872] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5875 attached [pid 5875] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 5875] set_robust_list(0x7f8a95e0e9a0, 24 [pid 5872] <... clone3 resumed> => {parent_tid=[5875]}, 88) = 5875 [pid 5875] <... set_robust_list resumed>) = 0 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5875] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5875] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EBADF (Bad file descriptor) [pid 5872] <... futex resumed>) = 0 [pid 5875] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5875] <... futex resumed>) = 0 [pid 5872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5875] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] <... ioctl resumed>) = 0 [pid 5874] <... openat resumed>) = 5 [pid 5874] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] exit_group(0 [pid 5874] <... futex resumed>) = 0 [pid 5874] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] <... futex resumed>) = ? [pid 5874] <... futex resumed>) = ? [pid 5872] <... exit_group resumed>) = ? [pid 5873] <... futex resumed>) = ? [pid 5875] +++ exited with 0 +++ [pid 5874] +++ exited with 0 +++ [pid 5873] +++ exited with 0 +++ [pid 5872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5872, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 122.707023][ T37] audit: type=1800 audit(1753855592.550:15): pid=5874 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=29 res=0 errno=0 umount2("./13/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5876 attached [pid 5876] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5876 [pid 5876] <... set_robust_list resumed>) = 0 [pid 5876] chdir("./14") = 0 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5876] setpgid(0, 0) = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5876] write(3, "1000", 4) = 4 [pid 5876] close(3) = 0 [pid 5876] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5876] write(1, "executing program\n", 18) = 18 [pid 5876] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5876] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5876] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5876] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5876] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5877 attached [pid 5877] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5876] <... clone3 resumed> => {parent_tid=[5877]}, 88) = 5877 [pid 5877] set_robust_list(0x7f8a95e509a0, 24 [pid 5876] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] <... set_robust_list resumed>) = 0 [pid 5876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5876] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5876] <... futex resumed>) = 0 [pid 5877] memfd_create("syzkaller", 0 [pid 5876] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5877] <... memfd_create resumed>) = 3 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5877] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5877] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5877] close(3) = 0 [pid 5877] close(4) = 0 [pid 5877] mkdir("./file2", 0777) = 0 [pid 5877] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5877] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5877] chdir("./file2") = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5877] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... openat resumed>) = 4 [pid 5877] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5876] <... futex resumed>) = 1 [ 123.142412][ T5877] loop0: detected capacity change from 0 to 256 [ 123.170812][ T5877] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5877] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5876] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5876] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5876] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5876] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5876] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5878 attached => {parent_tid=[5878]}, 88) = 5878 [pid 5878] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5876] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5878] <... rseq resumed>) = 0 [pid 5878] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5876] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5876] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5877] <... ioctl resumed>) = 0 [pid 5877] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... openat resumed>) = 5 [pid 5877] <... futex resumed>) = 0 [pid 5878] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] <... futex resumed>) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5878] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... futex resumed>) = 0 [pid 5877] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5877] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5877] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] exit_group(0 [pid 5878] <... futex resumed>) = ? [pid 5876] <... exit_group resumed>) = ? [pid 5878] +++ exited with 0 +++ [pid 5877] <... futex resumed>) = ? [pid 5877] +++ exited with 0 +++ [pid 5876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 123.376950][ T37] audit: type=1800 audit(1753855593.220:16): pid=5878 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=31 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5879 attached [pid 5879] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5879 [pid 5879] <... set_robust_list resumed>) = 0 [pid 5879] chdir("./15") = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5879] setpgid(0, 0) = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5879] write(3, "1000", 4) = 4 [pid 5879] close(3) = 0 [pid 5879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5879] write(1, "executing program\n", 18executing program ) = 18 [pid 5879] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5879] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5879] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5879] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5880 attached [pid 5880] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5879] <... clone3 resumed> => {parent_tid=[5880]}, 88) = 5880 [pid 5880] <... rseq resumed>) = 0 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], [pid 5880] set_robust_list(0x7f8a95e509a0, 24 [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5880] <... set_robust_list resumed>) = 0 [pid 5879] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5879] <... futex resumed>) = 0 [pid 5880] memfd_create("syzkaller", 0 [pid 5879] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5880] <... memfd_create resumed>) = 3 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5880] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5880] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5880] close(3) = 0 [pid 5880] close(4) = 0 [pid 5880] mkdir("./file2", 0777) = 0 [pid 5880] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5880] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5880] chdir("./file2") = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5880] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5880] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5879] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... openat resumed>) = 4 [pid 5880] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5880] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = 0 [pid 5880] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5879] <... futex resumed>) = 1 [ 123.859298][ T5880] loop0: detected capacity change from 0 to 256 [ 123.901076][ T5880] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5879] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5879] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5879] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5879] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5881 attached [pid 5881] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5879] <... clone3 resumed> => {parent_tid=[5881]}, 88) = 5881 [pid 5881] <... rseq resumed>) = 0 [pid 5881] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], [pid 5881] <... set_robust_list resumed>) = 0 [pid 5881] rt_sigprocmask(SIG_SETMASK, [], [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5881] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = 1 [pid 5881] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5879] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5879] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 5879] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5879] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5882 attached => {parent_tid=[5882]}, 88) = 5882 [pid 5882] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], [pid 5882] <... rseq resumed>) = 0 [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] set_robust_list(0x7f8a95e0e9a0, 24 [pid 5879] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... set_robust_list resumed>) = 0 [pid 5879] <... futex resumed>) = 0 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], [pid 5879] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EBADF (Bad file descriptor) [pid 5882] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5882] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] <... ioctl resumed>) = 0 [pid 5880] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... openat resumed>) = 5 [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] exit_group(0 [pid 5882] <... futex resumed>) = ? [pid 5881] <... futex resumed>) = ? [pid 5879] <... exit_group resumed>) = ? [pid 5880] <... futex resumed>) = ? [pid 5882] +++ exited with 0 +++ [pid 5880] +++ exited with 0 +++ [pid 5881] +++ exited with 0 +++ [pid 5879] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 124.086574][ T37] audit: type=1800 audit(1753855593.930:17): pid=5881 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=33 res=0 errno=0 umount2("./15/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5883 attached , child_tidptr=0x55555c67f690) = 5883 [pid 5883] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5883] chdir("./16") = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] setpgid(0, 0) = 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5883] write(3, "1000", 4) = 4 [pid 5883] close(3) = 0 [pid 5883] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5883] write(1, "executing program\n", 18executing program ) = 18 [pid 5883] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5883] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5883] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5883] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5884 attached [pid 5884] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5883] <... clone3 resumed> => {parent_tid=[5884]}, 88) = 5884 [pid 5884] set_robust_list(0x7f8a95e509a0, 24 [pid 5883] rt_sigprocmask(SIG_SETMASK, [], [pid 5884] <... set_robust_list resumed>) = 0 [pid 5883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5884] rt_sigprocmask(SIG_SETMASK, [], [pid 5883] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5883] <... futex resumed>) = 0 [pid 5884] memfd_create("syzkaller", 0 [pid 5883] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5884] <... memfd_create resumed>) = 3 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5884] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5884] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5884] close(3) = 0 [pid 5884] close(4) = 0 [pid 5884] mkdir("./file2", 0777) = 0 [pid 5884] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5884] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5884] chdir("./file2") = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 124.601263][ T5884] loop0: detected capacity change from 0 to 256 [pid 5884] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5884] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5883] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... openat resumed>) = 4 [pid 5884] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5884] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 124.648312][ T5884] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5884] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5883] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5883] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5883] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5883] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5885 attached => {parent_tid=[5885]}, 88) = 5885 [pid 5885] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5883] rt_sigprocmask(SIG_SETMASK, [], [pid 5885] <... rseq resumed>) = 0 [pid 5883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5885] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5883] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... set_robust_list resumed>) = 0 [pid 5885] rt_sigprocmask(SIG_SETMASK, [], [pid 5883] <... futex resumed>) = 0 [pid 5885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5883] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5883] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5883] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 5883] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5883] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5886 attached [pid 5886] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 5883] <... clone3 resumed> => {parent_tid=[5886]}, 88) = 5886 [pid 5886] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 5886] rt_sigprocmask(SIG_SETMASK, [], [pid 5883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5883] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EBADF (Bad file descriptor) [pid 5886] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] <... futex resumed>) = 0 [pid 5886] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5885] <... openat resumed>) = 5 [pid 5884] <... ioctl resumed>) = 0 [pid 5885] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... futex resumed>) = 0 [pid 5884] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] exit_group(0) = ? [pid 5886] <... futex resumed>) = ? [pid 5885] <... futex resumed>) = ? [pid 5884] <... futex resumed>) = ? [pid 5886] +++ exited with 0 +++ [pid 5884] +++ exited with 0 +++ [pid 5885] +++ exited with 0 +++ [pid 5883] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 124.886578][ T37] audit: type=1800 audit(1753855594.730:18): pid=5885 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=35 res=0 errno=0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5887 attached , child_tidptr=0x55555c67f690) = 5887 [pid 5887] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5887] chdir("./17") = 0 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5887] close(3) = 0 [pid 5887] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5887] write(1, "executing program\n", 18) = 18 [pid 5887] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5887] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5887] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5888 attached [pid 5888] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5887] <... clone3 resumed> => {parent_tid=[5888]}, 88) = 5888 [pid 5888] set_robust_list(0x7f8a95e509a0, 24 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], [pid 5888] <... set_robust_list resumed>) = 0 [pid 5888] rt_sigprocmask(SIG_SETMASK, [], [pid 5887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5888] memfd_create("syzkaller", 0 [pid 5887] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5888] <... memfd_create resumed>) = 3 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5888] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5888] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5888] close(3) = 0 [pid 5888] close(4) = 0 [pid 5888] mkdir("./file2", 0777) = 0 [pid 5888] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5888] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5888] chdir("./file2") = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5888] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5888] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5887] <... futex resumed>) = 0 [pid 5888] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5887] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] <... openat resumed>) = 4 [pid 5888] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5888] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5887] <... futex resumed>) = 0 [pid 5888] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 125.502755][ T5888] loop0: detected capacity change from 0 to 256 [ 125.530471][ T5888] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5887] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5887] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5887] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5889 attached [pid 5889] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5889] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5887] <... clone3 resumed> => {parent_tid=[5889]}, 88) = 5889 [pid 5889] <... set_robust_list resumed>) = 0 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], [pid 5889] rt_sigprocmask(SIG_SETMASK, [], [pid 5887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5887] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] <... ioctl resumed>) = 0 [pid 5889] <... openat resumed>) = 5 [pid 5888] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = 0 [pid 5887] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5887] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... futex resumed>) = 0 [pid 5888] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5888] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = 0 [pid 5887] exit_group(0) = ? [pid 5888] <... futex resumed>) = ? [pid 5888] +++ exited with 0 +++ [pid 5889] +++ exited with 0 +++ [pid 5887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 125.697136][ T37] audit: type=1800 audit(1753855595.540:19): pid=5889 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=37 res=0 errno=0 umount2("./17/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5890 attached [pid 5890] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5890 [pid 5890] <... set_robust_list resumed>) = 0 [pid 5890] chdir("./18") = 0 [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5890] setpgid(0, 0) = 0 [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5890] write(3, "1000", 4) = 4 [pid 5890] close(3) = 0 [pid 5890] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5890] write(1, "executing program\n", 18executing program ) = 18 [pid 5890] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5890] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5890] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5891 attached [pid 5891] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5890] <... clone3 resumed> => {parent_tid=[5891]}, 88) = 5891 [pid 5891] <... rseq resumed>) = 0 [pid 5891] set_robust_list(0x7f8a95e509a0, 24 [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5891] <... set_robust_list resumed>) = 0 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5891] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5890] <... futex resumed>) = 0 [pid 5890] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5891] memfd_create("syzkaller", 0) = 3 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5891] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5891] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5891] close(3) = 0 [pid 5891] close(4) = 0 [pid 5891] mkdir("./file2", 0777) = 0 [pid 5891] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5891] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5891] chdir("./file2") = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5891] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5891] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5890] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... openat resumed>) = 4 [pid 5891] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5891] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 126.143992][ T5891] loop0: detected capacity change from 0 to 256 [pid 5890] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... futex resumed>) = 0 [ 126.189985][ T5891] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5891] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5890] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5890] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5890] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5892 attached => {parent_tid=[5892]}, 88) = 5892 [pid 5892] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5892] <... rseq resumed>) = 0 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5892] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5890] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... set_robust_list resumed>) = 0 [pid 5890] <... futex resumed>) = 0 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5892] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5891] <... ioctl resumed>) = 0 [pid 5891] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... openat resumed>) = 5 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5892] <... futex resumed>) = 0 [pid 5892] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] <... futex resumed>) = 0 [pid 5890] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5891] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5890] exit_group(0 [pid 5891] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] <... futex resumed>) = ? [pid 5891] <... futex resumed>) = ? [pid 5890] <... exit_group resumed>) = ? [pid 5892] +++ exited with 0 +++ [pid 5891] +++ exited with 0 +++ [pid 5890] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5890, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 126.349138][ T37] audit: type=1800 audit(1753855596.190:20): pid=5892 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=39 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5893 attached [pid 5893] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5893] chdir("./19") = 0 [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5893] setpgid(0, 0) = 0 [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5893 [pid 5893] write(3, "1000", 4) = 4 [pid 5893] close(3) = 0 [pid 5893] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5893] write(1, "executing program\n", 18executing program ) = 18 [pid 5893] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5893] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5893] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5894 attached [pid 5894] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5894] set_robust_list(0x7f8a95e509a0, 24 [pid 5893] <... clone3 resumed> => {parent_tid=[5894]}, 88) = 5894 [pid 5894] <... set_robust_list resumed>) = 0 [pid 5894] rt_sigprocmask(SIG_SETMASK, [], [pid 5893] rt_sigprocmask(SIG_SETMASK, [], [pid 5894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5894] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5894] memfd_create("syzkaller", 0) = 3 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5894] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5894] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5894] close(3) = 0 [pid 5894] close(4) = 0 [pid 5894] mkdir("./file2", 0777) = 0 [pid 5894] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5894] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5894] chdir("./file2") = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5894] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5894] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5893] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5894] <... openat resumed>) = 4 [pid 5894] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = 0 [pid 5894] <... futex resumed>) = 1 [pid 5893] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5893] <... futex resumed>) = 0 [ 126.877925][ T5894] loop0: detected capacity change from 0 to 256 [ 126.913813][ T5894] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5893] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5893] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5893] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5895 attached [pid 5895] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5893] <... clone3 resumed> => {parent_tid=[5895]}, 88) = 5895 [pid 5895] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], [pid 5895] <... set_robust_list resumed>) = 0 [pid 5893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5895] rt_sigprocmask(SIG_SETMASK, [], [pid 5893] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5895] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5893] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5894] <... ioctl resumed>) = 0 [pid 5895] <... openat resumed>) = 5 [pid 5893] <... mmap resumed>) = 0x7f8a95dee000 [pid 5895] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 5895] <... futex resumed>) = 0 [pid 5894] <... futex resumed>) = 0 [pid 5893] <... mprotect resumed>) = 0 [pid 5895] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5896 attached [pid 5896] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 5896] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 5893] <... clone3 resumed> => {parent_tid=[5896]}, 88) = 5896 [pid 5896] rt_sigprocmask(SIG_SETMASK, [], [pid 5893] rt_sigprocmask(SIG_SETMASK, [], [pid 5896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5896] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5893] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5896] <... futex resumed>) = 0 [pid 5893] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5896] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5896] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5896] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] exit_group(0 [pid 5896] <... futex resumed>) = ? [pid 5895] <... futex resumed>) = ? [pid 5894] <... futex resumed>) = ? [pid 5893] <... exit_group resumed>) = ? [pid 5896] +++ exited with 0 +++ [pid 5895] +++ exited with 0 +++ [pid 5894] +++ exited with 0 +++ [pid 5893] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5893, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 127.137870][ T37] audit: type=1800 audit(1753855596.980:21): pid=5895 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=41 res=0 errno=0 newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5897 attached [pid 5897] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5897] chdir("./20" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5897 [pid 5897] <... chdir resumed>) = 0 [pid 5897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5897] setpgid(0, 0) = 0 [pid 5897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5897] write(3, "1000", 4) = 4 [pid 5897] close(3) = 0 [pid 5897] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5897] write(1, "executing program\n", 18) = 18 [pid 5897] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5897] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5897] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5897] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5897] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5898 attached => {parent_tid=[5898]}, 88) = 5898 [pid 5898] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5897] rt_sigprocmask(SIG_SETMASK, [], [pid 5898] <... rseq resumed>) = 0 [pid 5897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5897] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] set_robust_list(0x7f8a95e509a0, 24 [pid 5897] <... futex resumed>) = 0 [pid 5898] <... set_robust_list resumed>) = 0 [pid 5897] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5898] memfd_create("syzkaller", 0) = 3 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5898] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5898] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5898] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5898] close(3) = 0 [pid 5898] close(4) = 0 [pid 5898] mkdir("./file2", 0777) = 0 [pid 5898] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5898] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5898] chdir("./file2") = 0 [pid 5898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 127.584421][ T5898] loop0: detected capacity change from 0 to 256 [pid 5898] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5897] <... futex resumed>) = 0 [pid 5898] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5897] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5897] <... futex resumed>) = 0 [pid 5897] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... openat resumed>) = 4 [pid 5898] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = 0 [pid 5897] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = 1 [pid 5897] <... futex resumed>) = 0 [pid 5898] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5897] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5897] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [ 127.626431][ T5898] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5897] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5897] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5897] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5899 attached [pid 5899] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5899] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5897] <... clone3 resumed> => {parent_tid=[5899]}, 88) = 5899 [pid 5897] rt_sigprocmask(SIG_SETMASK, [], [pid 5899] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5899] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5897] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = 0 [pid 5897] <... futex resumed>) = 1 [pid 5899] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5897] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... ioctl resumed>) = 0 [pid 5898] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] <... openat resumed>) = 5 [pid 5899] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5897] <... futex resumed>) = 0 [pid 5899] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5897] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = 0 [pid 5897] <... futex resumed>) = 1 [pid 5898] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5897] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] <... futex resumed>) = 0 [pid 5898] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5897] exit_group(0 [pid 5899] <... futex resumed>) = ? [pid 5898] <... futex resumed>) = ? [pid 5897] <... exit_group resumed>) = ? [pid 5899] +++ exited with 0 +++ [pid 5898] +++ exited with 0 +++ [pid 5897] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5897, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 127.779313][ T37] audit: type=1800 audit(1753855597.620:22): pid=5899 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=43 res=0 errno=0 umount2("./20/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5900 attached , child_tidptr=0x55555c67f690) = 5900 [pid 5900] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5900] chdir("./21") = 0 [pid 5900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5900] setpgid(0, 0) = 0 [pid 5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5900] write(3, "1000", 4) = 4 [pid 5900] close(3) = 0 [pid 5900] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5900] write(1, "executing program\n", 18) = 18 [pid 5900] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5900] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5900] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5900] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5901 attached [pid 5901] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5900] <... clone3 resumed> => {parent_tid=[5901]}, 88) = 5901 [pid 5901] <... rseq resumed>) = 0 [pid 5900] rt_sigprocmask(SIG_SETMASK, [], [pid 5901] set_robust_list(0x7f8a95e509a0, 24 [pid 5900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5901] <... set_robust_list resumed>) = 0 [pid 5900] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] rt_sigprocmask(SIG_SETMASK, [], [pid 5900] <... futex resumed>) = 0 [pid 5901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5900] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5901] memfd_create("syzkaller", 0) = 3 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5901] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5901] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5901] close(3) = 0 [pid 5901] close(4) = 0 [pid 5901] mkdir("./file2", 0777) = 0 [pid 5901] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5901] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5901] chdir("./file2") = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5901] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 128.242139][ T5901] loop0: detected capacity change from 0 to 256 [pid 5900] <... futex resumed>) = 0 [pid 5900] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = 0 [pid 5900] <... futex resumed>) = 1 [pid 5901] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5900] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... openat resumed>) = 4 [pid 5901] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] <... futex resumed>) = 0 [pid 5901] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5900] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 128.297973][ T5901] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5900] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5900] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5900] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5900] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5902 attached => {parent_tid=[5902]}, 88) = 5902 [pid 5902] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5902] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5902] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5900] rt_sigprocmask(SIG_SETMASK, [], [pid 5902] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5900] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = 0 [pid 5900] <... futex resumed>) = 1 [pid 5902] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5900] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... ioctl resumed>) = 0 [pid 5901] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... openat resumed>) = 5 [pid 5902] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] <... futex resumed>) = 1 [pid 5900] <... futex resumed>) = 0 [pid 5902] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5900] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5901] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] <... futex resumed>) = 0 [pid 5900] exit_group(0 [pid 5902] <... futex resumed>) = ? [pid 5900] <... exit_group resumed>) = ? [pid 5902] +++ exited with 0 +++ [pid 5901] +++ exited with 0 +++ [pid 5900] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 128.447365][ T37] audit: type=1800 audit(1753855598.290:23): pid=5902 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=45 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5903 attached , child_tidptr=0x55555c67f690) = 5903 [pid 5903] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5903] chdir("./22") = 0 [pid 5903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5903] setpgid(0, 0) = 0 [pid 5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5903] write(3, "1000", 4) = 4 [pid 5903] close(3) = 0 [pid 5903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5903] write(1, "executing program\n", 18executing program ) = 18 [pid 5903] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5903] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5903] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5903] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5903] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5904 attached [pid 5904] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5904] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 5903] <... clone3 resumed> => {parent_tid=[5904]}, 88) = 5904 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5903] rt_sigprocmask(SIG_SETMASK, [], [pid 5904] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5903] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5903] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5903] <... futex resumed>) = 1 [pid 5903] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5904] memfd_create("syzkaller", 0) = 3 [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5904] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5904] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5904] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5904] close(3) = 0 [pid 5904] close(4) = 0 [pid 5904] mkdir("./file2", 0777) = 0 [pid 5904] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [ 128.846410][ T5904] loop0: detected capacity change from 0 to 256 [pid 5904] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5904] chdir("./file2") = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5904] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] <... futex resumed>) = 0 [pid 5904] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5903] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5903] <... futex resumed>) = 0 [pid 5904] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5903] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5904] <... openat resumed>) = 4 [pid 5904] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] <... futex resumed>) = 0 [pid 5904] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5903] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5903] <... futex resumed>) = 0 [ 128.902950][ T5904] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5903] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5903] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5903] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5903] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5903] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5905 attached [pid 5905] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5903] <... clone3 resumed> => {parent_tid=[5905]}, 88) = 5905 [pid 5905] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5903] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] <... set_robust_list resumed>) = 0 [pid 5903] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], [pid 5903] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5903] <... futex resumed>) = 0 [pid 5905] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5903] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5904] <... ioctl resumed>) = 0 [pid 5904] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] <... openat resumed>) = 5 [pid 5905] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] <... futex resumed>) = 0 [pid 5905] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5903] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5903] <... futex resumed>) = 1 [pid 5904] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5903] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5904] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5903] exit_group(0 [pid 5905] <... futex resumed>) = ? [pid 5904] <... futex resumed>) = ? [pid 5903] <... exit_group resumed>) = ? [pid 5905] +++ exited with 0 +++ [pid 5904] +++ exited with 0 +++ [pid 5903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 129.108370][ T37] audit: type=1800 audit(1753855598.950:24): pid=5905 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=47 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5906 attached , child_tidptr=0x55555c67f690) = 5906 [pid 5906] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5906] chdir("./23") = 0 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5906] setpgid(0, 0) = 0 [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5906] write(3, "1000", 4) = 4 [pid 5906] close(3) = 0 [pid 5906] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5906] write(1, "executing program\n", 18) = 18 [pid 5906] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5906] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5906] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5906] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5906] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5907 attached [pid 5907] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5906] <... clone3 resumed> => {parent_tid=[5907]}, 88) = 5907 [pid 5907] set_robust_list(0x7f8a95e509a0, 24 [pid 5906] rt_sigprocmask(SIG_SETMASK, [], [pid 5907] <... set_robust_list resumed>) = 0 [pid 5906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], [pid 5906] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5906] <... futex resumed>) = 0 [pid 5907] memfd_create("syzkaller", 0 [pid 5906] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5907] <... memfd_create resumed>) = 3 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5907] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5907] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5907] close(3) = 0 [pid 5907] close(4) = 0 [pid 5907] mkdir("./file2", 0777) = 0 [pid 5907] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5907] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5907] chdir("./file2") = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5907] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5906] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 129.663506][ T5907] loop0: detected capacity change from 0 to 256 [pid 5906] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... openat resumed>) = 4 [pid 5907] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5907] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] <... futex resumed>) = 0 [pid 5906] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 129.698466][ T5907] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5907] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5906] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5906] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5906] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5906] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5906] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5908 attached [pid 5908] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5908] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5906] <... clone3 resumed> => {parent_tid=[5908]}, 88) = 5908 [pid 5908] <... set_robust_list resumed>) = 0 [pid 5906] rt_sigprocmask(SIG_SETMASK, [], [pid 5908] rt_sigprocmask(SIG_SETMASK, [], [pid 5906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5908] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5906] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5908] <... openat resumed>) = 5 [pid 5907] <... ioctl resumed>) = 0 [pid 5907] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5907] <... futex resumed>) = 0 [pid 5906] <... futex resumed>) = 0 [pid 5908] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5907] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] <... futex resumed>) = 0 [pid 5907] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5906] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5907] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5907] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] exit_group(0 [pid 5908] <... futex resumed>) = ? [pid 5907] <... futex resumed>) = ? [pid 5908] +++ exited with 0 +++ [pid 5907] +++ exited with 0 +++ [pid 5906] <... exit_group resumed>) = ? [pid 5906] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 129.866456][ T37] audit: type=1800 audit(1753855599.710:25): pid=5908 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=49 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5909 attached , child_tidptr=0x55555c67f690) = 5909 [pid 5909] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5909] chdir("./24") = 0 [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5909] setpgid(0, 0) = 0 [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5909] write(3, "1000", 4) = 4 [pid 5909] close(3) = 0 [pid 5909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5909] write(1, "executing program\n", 18executing program ) = 18 [pid 5909] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5909] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5909] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5910 attached => {parent_tid=[5910]}, 88) = 5910 [pid 5909] rt_sigprocmask(SIG_SETMASK, [], [pid 5910] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] <... rseq resumed>) = 0 [pid 5910] set_robust_list(0x7f8a95e509a0, 24 [pid 5909] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5910] <... set_robust_list resumed>) = 0 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5910] memfd_create("syzkaller", 0) = 3 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5910] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5910] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5910] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5910] close(3) = 0 [pid 5910] close(4) = 0 [pid 5910] mkdir("./file2", 0777) = 0 [pid 5910] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5910] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5910] chdir("./file2") = 0 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5910] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] <... futex resumed>) = 0 [pid 5910] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = 0 [pid 5909] <... futex resumed>) = 1 [pid 5910] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 130.416546][ T5910] loop0: detected capacity change from 0 to 256 [pid 5909] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... openat resumed>) = 4 [pid 5910] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] <... futex resumed>) = 0 [pid 5910] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5909] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5909] <... futex resumed>) = 0 [ 130.461295][ T5910] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5909] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5909] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5909] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5911 attached [pid 5911] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5909] <... clone3 resumed> => {parent_tid=[5911]}, 88) = 5911 [pid 5911] <... rseq resumed>) = 0 [pid 5911] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], [pid 5909] rt_sigprocmask(SIG_SETMASK, [], [pid 5911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5911] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] <... ioctl resumed>) = 0 [pid 5909] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5910] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5910] <... futex resumed>) = 0 [pid 5909] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] <... openat resumed>) = 5 [pid 5911] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = 1 [pid 5909] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] <... futex resumed>) = 0 [pid 5909] <... futex resumed>) = 1 [pid 5910] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5909] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5910] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] <... futex resumed>) = 0 [pid 5909] exit_group(0) = ? [pid 5911] <... futex resumed>) = ? [pid 5911] +++ exited with 0 +++ [pid 5910] +++ exited with 0 +++ [pid 5909] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 130.630800][ T37] audit: type=1800 audit(1753855600.470:26): pid=5911 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=51 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5912 attached [pid 5912] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5912 [pid 5912] chdir("./25") = 0 [pid 5912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5912] setpgid(0, 0) = 0 [pid 5912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5912] write(3, "1000", 4) = 4 [pid 5912] close(3) = 0 [pid 5912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5912] write(1, "executing program\n", 18executing program ) = 18 [pid 5912] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5912] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5912] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5912] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5913 attached [pid 5913] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5912] <... clone3 resumed> => {parent_tid=[5913]}, 88) = 5913 [pid 5913] set_robust_list(0x7f8a95e509a0, 24 [pid 5912] rt_sigprocmask(SIG_SETMASK, [], [pid 5913] <... set_robust_list resumed>) = 0 [pid 5912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], [pid 5912] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5912] <... futex resumed>) = 0 [pid 5913] memfd_create("syzkaller", 0 [pid 5912] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5913] <... memfd_create resumed>) = 3 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5913] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5913] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5913] close(3) = 0 [pid 5913] close(4) = 0 [pid 5913] mkdir("./file2", 0777) = 0 [pid 5913] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5913] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5913] chdir("./file2") = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5913] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5912] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5912] <... futex resumed>) = 0 [ 131.150628][ T5913] loop0: detected capacity change from 0 to 256 [pid 5912] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... openat resumed>) = 4 [pid 5913] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5913] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... futex resumed>) = 0 [pid 5912] <... futex resumed>) = 1 [pid 5913] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 131.200151][ T5913] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5912] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5912] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5912] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5912] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5914 attached [pid 5914] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5912] <... clone3 resumed> => {parent_tid=[5914]}, 88) = 5914 [pid 5914] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5914] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5912] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5914] <... futex resumed>) = 0 [pid 5912] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5914] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5913] <... ioctl resumed>) = 0 [pid 5914] <... openat resumed>) = 5 [pid 5913] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5913] <... futex resumed>) = 0 [pid 5913] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] <... futex resumed>) = 0 [pid 5912] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... futex resumed>) = 0 [pid 5912] <... futex resumed>) = 1 [pid 5913] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5912] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5913] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5913] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] exit_group(0 [pid 5913] <... futex resumed>) = ? [pid 5912] <... exit_group resumed>) = ? [pid 5913] +++ exited with 0 +++ [pid 5914] +++ exited with 0 +++ [pid 5912] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5912, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 131.366716][ T37] audit: type=1800 audit(1753855601.210:27): pid=5914 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=53 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5915 attached [pid 5915] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5915 [pid 5915] <... set_robust_list resumed>) = 0 [pid 5915] chdir("./26") = 0 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5915] setpgid(0, 0) = 0 [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5915] write(3, "1000", 4) = 4 [pid 5915] close(3) = 0 [pid 5915] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5915] write(1, "executing program\n", 18) = 18 [pid 5915] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5915] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5915] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5915] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5915] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5916 attached [pid 5916] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5915] <... clone3 resumed> => {parent_tid=[5916]}, 88) = 5916 [pid 5916] set_robust_list(0x7f8a95e509a0, 24 [pid 5915] rt_sigprocmask(SIG_SETMASK, [], [pid 5916] <... set_robust_list resumed>) = 0 [pid 5915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5916] rt_sigprocmask(SIG_SETMASK, [], [pid 5915] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5915] <... futex resumed>) = 0 [pid 5916] memfd_create("syzkaller", 0 [pid 5915] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5916] <... memfd_create resumed>) = 3 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5916] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5916] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5916] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5916] close(3) = 0 [pid 5916] close(4) = 0 [pid 5916] mkdir("./file2", 0777) = 0 [pid 5916] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5916] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5916] chdir("./file2") = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5916] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] <... futex resumed>) = 0 [pid 5915] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 131.913071][ T5916] loop0: detected capacity change from 0 to 256 [pid 5916] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5916] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] <... futex resumed>) = 0 [pid 5915] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5915] <... futex resumed>) = 0 [ 131.946248][ T5916] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5915] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5915] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5915] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5915] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5915] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5917 attached [pid 5917] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5915] <... clone3 resumed> => {parent_tid=[5917]}, 88) = 5917 [pid 5915] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5917] <... rseq resumed>) = 0 [pid 5915] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5915] <... futex resumed>) = 0 [pid 5917] rt_sigprocmask(SIG_SETMASK, [], [pid 5915] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5917] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5915] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5915] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 5915] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5915] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5915] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5918 attached [pid 5918] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 5918] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 5915] <... clone3 resumed> => {parent_tid=[5918]}, 88) = 5918 [pid 5918] rt_sigprocmask(SIG_SETMASK, [], [pid 5915] rt_sigprocmask(SIG_SETMASK, [], [pid 5918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5918] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = 1 [pid 5918] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5916] <... ioctl resumed>) = 0 [pid 5915] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] <... pwritev2 resumed>) = -1 EBADF (Bad file descriptor) [pid 5917] <... openat resumed>) = 5 [pid 5916] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5916] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] exit_group(0 [pid 5918] <... futex resumed>) = ? [pid 5917] <... futex resumed>) = ? [pid 5916] <... futex resumed>) = ? [pid 5915] <... exit_group resumed>) = ? [pid 5918] +++ exited with 0 +++ [pid 5917] +++ exited with 0 +++ [pid 5916] +++ exited with 0 +++ [pid 5915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 132.156938][ T37] audit: type=1800 audit(1753855602.000:28): pid=5917 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=55 res=0 errno=0 unlink("./26/binderfs") = 0 umount2("./26/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5919 attached , child_tidptr=0x55555c67f690) = 5919 [pid 5919] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5919] chdir("./27") = 0 [pid 5919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5919] setpgid(0, 0) = 0 [pid 5919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5919] write(3, "1000", 4) = 4 [pid 5919] close(3) = 0 [pid 5919] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5919] write(1, "executing program\n", 18executing program ) = 18 [pid 5919] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5919] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5919] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5919] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5919] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5920 attached [pid 5920] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5919] <... clone3 resumed> => {parent_tid=[5920]}, 88) = 5920 [pid 5920] set_robust_list(0x7f8a95e509a0, 24 [pid 5919] rt_sigprocmask(SIG_SETMASK, [], [pid 5920] <... set_robust_list resumed>) = 0 [pid 5919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], [pid 5919] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5919] <... futex resumed>) = 0 [pid 5920] memfd_create("syzkaller", 0 [pid 5919] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5920] <... memfd_create resumed>) = 3 [pid 5920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5920] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5920] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5920] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5920] close(3) = 0 [pid 5920] close(4) = 0 [pid 5920] mkdir("./file2", 0777) = 0 [pid 5920] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5920] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5920] chdir("./file2") = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5920] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] <... futex resumed>) = 0 [pid 5920] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5919] <... futex resumed>) = 0 [pid 5920] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5919] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5920] <... openat resumed>) = 4 [pid 5920] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] <... futex resumed>) = 0 [pid 5920] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5919] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5919] <... futex resumed>) = 0 [ 132.697619][ T5920] loop0: detected capacity change from 0 to 256 [ 132.734956][ T5920] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5919] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5919] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5919] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5919] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5921 attached => {parent_tid=[5921]}, 88) = 5921 [pid 5921] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5919] rt_sigprocmask(SIG_SETMASK, [], [pid 5921] <... rseq resumed>) = 0 [pid 5921] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5921] <... set_robust_list resumed>) = 0 [pid 5919] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] rt_sigprocmask(SIG_SETMASK, [], [pid 5919] <... futex resumed>) = 0 [pid 5921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5919] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5919] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5919] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] <... openat resumed>) = 5 [pid 5920] <... ioctl resumed>) = 0 [pid 5919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5920] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... mmap resumed>) = 0x7f8a95dee000 [pid 5921] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = 0 [pid 5921] <... futex resumed>) = 0 [pid 5921] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5919] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5922 attached [pid 5922] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 5919] <... clone3 resumed> => {parent_tid=[5922]}, 88) = 5922 [pid 5922] <... rseq resumed>) = 0 [pid 5922] set_robust_list(0x7f8a95e0e9a0, 24 [pid 5919] rt_sigprocmask(SIG_SETMASK, [], [pid 5922] <... set_robust_list resumed>) = 0 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5922] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5919] <... futex resumed>) = 0 [pid 5922] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5919] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5922] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] <... futex resumed>) = 0 [pid 5919] exit_group(0 [pid 5922] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] <... futex resumed>) = ? [pid 5919] <... exit_group resumed>) = ? [pid 5920] +++ exited with 0 +++ [pid 5922] <... futex resumed>) = ? [pid 5921] <... futex resumed>) = ? [pid 5922] +++ exited with 0 +++ [pid 5921] +++ exited with 0 +++ [pid 5919] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5919, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 132.946465][ T37] audit: type=1800 audit(1753855602.790:29): pid=5921 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=57 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5923 attached , child_tidptr=0x55555c67f690) = 5923 [pid 5923] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5923] chdir("./28") = 0 [pid 5923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5923] setpgid(0, 0) = 0 [pid 5923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5923] write(3, "1000", 4) = 4 [pid 5923] close(3) = 0 [pid 5923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5923] write(1, "executing program\n", 18executing program ) = 18 [pid 5923] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5923] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5923] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5923] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5924 attached [pid 5924] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5923] <... clone3 resumed> => {parent_tid=[5924]}, 88) = 5924 [pid 5924] set_robust_list(0x7f8a95e509a0, 24 [pid 5923] rt_sigprocmask(SIG_SETMASK, [], [pid 5924] <... set_robust_list resumed>) = 0 [pid 5923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5924] rt_sigprocmask(SIG_SETMASK, [], [pid 5923] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5924] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5923] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5924] memfd_create("syzkaller", 0) = 3 [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5924] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5924] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5924] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5924] close(3) = 0 [pid 5924] close(4) = 0 [pid 5924] mkdir("./file2", 0777) = 0 [pid 5924] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5924] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5924] chdir("./file2") = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5924] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] <... futex resumed>) = 0 [pid 5924] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 133.403470][ T5924] loop0: detected capacity change from 0 to 256 [pid 5923] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5923] <... futex resumed>) = 0 [pid 5924] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5923] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5924] <... openat resumed>) = 4 [pid 5924] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] <... futex resumed>) = 0 [pid 5924] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5923] <... futex resumed>) = 1 [pid 5924] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 133.444749][ T5924] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5923] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5923] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5923] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5923] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5925 attached [pid 5925] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5923] <... clone3 resumed> => {parent_tid=[5925]}, 88) = 5925 [pid 5925] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5923] rt_sigprocmask(SIG_SETMASK, [], [pid 5925] <... set_robust_list resumed>) = 0 [pid 5925] rt_sigprocmask(SIG_SETMASK, [], [pid 5923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5923] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5923] <... futex resumed>) = 0 [pid 5923] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... openat resumed>) = 5 [pid 5924] <... ioctl resumed>) = 0 [pid 5924] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5924] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5923] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5924] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5924] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] <... futex resumed>) = 1 [pid 5924] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5923] exit_group(0 [pid 5924] <... futex resumed>) = ? [pid 5923] <... exit_group resumed>) = ? [pid 5924] +++ exited with 0 +++ [pid 5925] <... futex resumed>) = ? [pid 5925] +++ exited with 0 +++ [pid 5923] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5923, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 133.620836][ T37] audit: type=1800 audit(1753855603.460:30): pid=5925 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=59 res=0 errno=0 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5926 attached , child_tidptr=0x55555c67f690) = 5926 [pid 5926] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5926] chdir("./29") = 0 [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5926] setpgid(0, 0) = 0 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5926] write(3, "1000", 4) = 4 [pid 5926] close(3) = 0 [pid 5926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5926] write(1, "executing program\n", 18executing program ) = 18 [pid 5926] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5926] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5926] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5927 attached [pid 5927] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5927] set_robust_list(0x7f8a95e509a0, 24 [pid 5926] <... clone3 resumed> => {parent_tid=[5927]}, 88) = 5927 [pid 5927] <... set_robust_list resumed>) = 0 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], [pid 5927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5927] memfd_create("syzkaller", 0 [pid 5926] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... memfd_create resumed>) = 3 [pid 5926] <... futex resumed>) = 0 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5926] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5927] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5927] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5927] close(3) = 0 [pid 5927] close(4) = 0 [pid 5927] mkdir("./file2", 0777) = 0 [pid 5927] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5927] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5927] chdir("./file2") = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5927] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5927] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = 0 [pid 5927] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5926] <... futex resumed>) = 1 [pid 5927] <... openat resumed>) = 4 [pid 5926] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5927] <... futex resumed>) = 0 [pid 5926] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5926] <... futex resumed>) = 0 [ 134.081238][ T5927] loop0: detected capacity change from 0 to 256 [pid 5926] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5926] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [ 134.128454][ T5927] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5926] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5928 attached => {parent_tid=[5928]}, 88) = 5928 [pid 5928] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], [pid 5928] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5928] <... set_robust_list resumed>) = 0 [pid 5926] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] rt_sigprocmask(SIG_SETMASK, [], [pid 5926] <... futex resumed>) = 0 [pid 5928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5926] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5927] <... ioctl resumed>) = 0 [pid 5928] <... openat resumed>) = 5 [pid 5927] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5927] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = 0 [pid 5927] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5928] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5927] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5927] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5926] exit_group(0 [pid 5927] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] <... futex resumed>) = ? [pid 5927] <... futex resumed>) = ? [pid 5926] <... exit_group resumed>) = ? [pid 5928] +++ exited with 0 +++ [pid 5927] +++ exited with 0 +++ [pid 5926] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5926, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 134.266821][ T37] audit: type=1800 audit(1753855604.110:31): pid=5928 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=61 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5929 attached [pid 5929] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5929] chdir("./30" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5929 [pid 5929] <... chdir resumed>) = 0 [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5929] setpgid(0, 0) = 0 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5929] write(3, "1000", 4) = 4 [pid 5929] close(3) = 0 [pid 5929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5929] write(1, "executing program\n", 18executing program ) = 18 [pid 5929] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5929] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5929] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5930 attached => {parent_tid=[5930]}, 88) = 5930 [pid 5930] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5930] <... rseq resumed>) = 0 [pid 5929] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] set_robust_list(0x7f8a95e509a0, 24 [pid 5929] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5930] <... set_robust_list resumed>) = 0 [pid 5930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5930] memfd_create("syzkaller", 0) = 3 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5930] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5930] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5930] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5930] close(3) = 0 [pid 5930] close(4) = 0 [pid 5930] mkdir("./file2", 0777) = 0 [pid 5930] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [ 134.794335][ T5930] loop0: detected capacity change from 0 to 256 [pid 5930] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5930] chdir("./file2") = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5930] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5930] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5929] <... futex resumed>) = 0 [pid 5930] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5929] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] <... openat resumed>) = 4 [pid 5930] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = 0 [pid 5930] <... futex resumed>) = 1 [pid 5929] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5929] <... futex resumed>) = 0 [ 134.828006][ T5930] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5929] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5929] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5929] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5931 attached [pid 5931] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5929] <... clone3 resumed> => {parent_tid=[5931]}, 88) = 5931 [pid 5931] <... rseq resumed>) = 0 [pid 5931] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5929] rt_sigprocmask(SIG_SETMASK, [], [pid 5931] rt_sigprocmask(SIG_SETMASK, [], [pid 5929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5929] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] <... ioctl resumed>) = 0 [pid 5931] <... openat resumed>) = 5 [pid 5930] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5930] <... futex resumed>) = 0 [pid 5930] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] <... futex resumed>) = 1 [pid 5929] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] <... futex resumed>) = 0 [pid 5930] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5930] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5930] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] exit_group(0 [pid 5931] <... futex resumed>) = ? [pid 5931] +++ exited with 0 +++ [pid 5930] <... futex resumed>) = ? [pid 5929] <... exit_group resumed>) = ? [pid 5930] +++ exited with 0 +++ [pid 5929] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5929, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 135.036745][ T37] audit: type=1800 audit(1753855604.880:32): pid=5931 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=63 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5932 attached , child_tidptr=0x55555c67f690) = 5932 [pid 5932] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5932] chdir("./31") = 0 [pid 5932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5932] setpgid(0, 0) = 0 [pid 5932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5932] write(3, "1000", 4) = 4 [pid 5932] close(3) = 0 [pid 5932] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5932] write(1, "executing program\n", 18) = 18 [pid 5932] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5932] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5932] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5932] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5933 attached [pid 5933] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5932] <... clone3 resumed> => {parent_tid=[5933]}, 88) = 5933 [pid 5933] set_robust_list(0x7f8a95e509a0, 24 [pid 5932] rt_sigprocmask(SIG_SETMASK, [], [pid 5933] <... set_robust_list resumed>) = 0 [pid 5932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5933] rt_sigprocmask(SIG_SETMASK, [], [pid 5932] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5932] <... futex resumed>) = 0 [pid 5933] memfd_create("syzkaller", 0 [pid 5932] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5933] <... memfd_create resumed>) = 3 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5933] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5933] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5933] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5933] close(3) = 0 [pid 5933] close(4) = 0 [pid 5933] mkdir("./file2", 0777) = 0 [pid 5933] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5933] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5933] chdir("./file2") = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5933] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... openat resumed>) = 4 [pid 5933] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] <... futex resumed>) = 0 [pid 5933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5932] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 135.543219][ T5933] loop0: detected capacity change from 0 to 256 [ 135.572161][ T5933] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5932] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5932] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5932] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5932] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5934 attached [pid 5934] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5932] <... clone3 resumed> => {parent_tid=[5934]}, 88) = 5934 [pid 5934] <... rseq resumed>) = 0 [pid 5932] rt_sigprocmask(SIG_SETMASK, [], [pid 5934] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5934] rt_sigprocmask(SIG_SETMASK, [], [pid 5932] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5932] <... futex resumed>) = 0 [pid 5934] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5932] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... ioctl resumed>) = 0 [pid 5934] <... openat resumed>) = 5 [pid 5933] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5934] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] <... futex resumed>) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5934] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5933] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5932] <... futex resumed>) = 0 [pid 5933] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5933] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... futex resumed>) = 0 [pid 5933] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5932] exit_group(0 [pid 5934] <... futex resumed>) = ? [pid 5934] +++ exited with 0 +++ [pid 5933] <... futex resumed>) = ? [pid 5933] +++ exited with 0 +++ [pid 5932] <... exit_group resumed>) = ? [pid 5932] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5932, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 135.766688][ T37] audit: type=1800 audit(1753855605.610:33): pid=5934 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=65 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 5935 ./strace-static-x86_64: Process 5935 attached [pid 5935] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5935] chdir("./32") = 0 [pid 5935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5935] setpgid(0, 0) = 0 [pid 5935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5935] write(3, "1000", 4) = 4 [pid 5935] close(3) = 0 [pid 5935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5935] write(1, "executing program\n", 18executing program ) = 18 [pid 5935] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5935] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5935] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5936 attached [pid 5936] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5936] set_robust_list(0x7f8a95e509a0, 24 [pid 5935] <... clone3 resumed> => {parent_tid=[5936]}, 88) = 5936 [pid 5936] <... set_robust_list resumed>) = 0 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], [pid 5936] rt_sigprocmask(SIG_SETMASK, [], [pid 5935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5936] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] memfd_create("syzkaller", 0 [pid 5935] <... futex resumed>) = 0 [pid 5936] <... memfd_create resumed>) = 3 [pid 5935] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5936] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5936] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5936] close(3) = 0 [pid 5936] close(4) = 0 [pid 5936] mkdir("./file2", 0777) = 0 [pid 5936] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5936] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5936] chdir("./file2") = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5936] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5935] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 136.300369][ T5936] loop0: detected capacity change from 0 to 256 [pid 5936] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5935] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5936] <... openat resumed>) = 4 [pid 5936] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = 0 [pid 5936] <... futex resumed>) = 1 [pid 5935] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 136.349477][ T5936] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5935] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5935] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5935] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5937 attached => {parent_tid=[5937]}, 88) = 5937 [pid 5937] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], [pid 5937] <... rseq resumed>) = 0 [pid 5937] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5937] <... set_robust_list resumed>) = 0 [pid 5935] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] rt_sigprocmask(SIG_SETMASK, [], [pid 5935] <... futex resumed>) = 0 [pid 5937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5936] <... ioctl resumed>) = 0 [pid 5936] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] <... openat resumed>) = 5 [pid 5936] <... futex resumed>) = 0 [pid 5937] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5937] <... futex resumed>) = 1 [pid 5937] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] <... futex resumed>) = 0 [pid 5935] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] <... futex resumed>) = 0 [pid 5935] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5936] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5936] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5936] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] exit_group(0 [pid 5937] <... futex resumed>) = ? [pid 5936] <... futex resumed>) = ? [pid 5935] <... exit_group resumed>) = ? [pid 5937] +++ exited with 0 +++ [pid 5936] +++ exited with 0 +++ [pid 5935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5935, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 136.506885][ T37] audit: type=1800 audit(1753855606.350:34): pid=5937 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=67 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5938 attached , child_tidptr=0x55555c67f690) = 5938 [pid 5938] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5938] chdir("./33") = 0 [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5938] setpgid(0, 0) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5938] write(3, "1000", 4) = 4 [pid 5938] close(3) = 0 [pid 5938] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5938] write(1, "executing program\n", 18) = 18 [pid 5938] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5938] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5938] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5939 attached [pid 5939] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5938] <... clone3 resumed> => {parent_tid=[5939]}, 88) = 5939 [pid 5939] set_robust_list(0x7f8a95e509a0, 24 [pid 5938] rt_sigprocmask(SIG_SETMASK, [], [pid 5939] <... set_robust_list resumed>) = 0 [pid 5939] rt_sigprocmask(SIG_SETMASK, [], [pid 5938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5939] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5938] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] memfd_create("syzkaller", 0 [pid 5938] <... futex resumed>) = 0 [pid 5939] <... memfd_create resumed>) = 3 [pid 5938] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5939] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5939] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5939] close(3) = 0 [pid 5939] close(4) = 0 [pid 5939] mkdir("./file2", 0777) = 0 [pid 5939] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5939] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5939] chdir("./file2") = 0 [ 137.065082][ T5939] loop0: detected capacity change from 0 to 256 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5939] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5938] <... futex resumed>) = 0 [pid 5939] <... futex resumed>) = 1 [pid 5938] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5938] <... futex resumed>) = 0 [pid 5938] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... openat resumed>) = 4 [pid 5939] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5939] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5938] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 137.112843][ T5939] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5938] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5938] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5938] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5940 attached [pid 5940] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5938] <... clone3 resumed> => {parent_tid=[5940]}, 88) = 5940 [pid 5940] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5938] rt_sigprocmask(SIG_SETMASK, [], [pid 5940] <... set_robust_list resumed>) = 0 [pid 5938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5940] rt_sigprocmask(SIG_SETMASK, [], [pid 5938] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5938] <... futex resumed>) = 0 [pid 5938] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5939] <... ioctl resumed>) = 0 [pid 5939] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] <... openat resumed>) = 5 [pid 5938] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5939] <... futex resumed>) = 0 [pid 5940] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5939] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5939] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5940] <... futex resumed>) = 0 [pid 5939] <... futex resumed>) = 0 [pid 5938] <... futex resumed>) = 1 [pid 5940] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5939] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5938] exit_group(0 [pid 5940] <... futex resumed>) = ? [pid 5939] <... futex resumed>) = ? [pid 5938] <... exit_group resumed>) = ? [pid 5940] +++ exited with 0 +++ [pid 5939] +++ exited with 0 +++ [pid 5938] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5938, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 137.316681][ T37] audit: type=1800 audit(1753855607.160:35): pid=5940 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=69 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5941 attached [pid 5941] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5941] chdir("./34") = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5941 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5941] setpgid(0, 0) = 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] write(3, "1000", 4) = 4 [pid 5941] close(3) = 0 [pid 5941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5941] write(1, "executing program\n", 18executing program ) = 18 [pid 5941] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5941] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5941] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5942 attached [pid 5942] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5941] <... clone3 resumed> => {parent_tid=[5942]}, 88) = 5942 [pid 5942] set_robust_list(0x7f8a95e509a0, 24 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], [pid 5942] <... set_robust_list resumed>) = 0 [pid 5941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], [pid 5941] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5941] <... futex resumed>) = 0 [pid 5942] memfd_create("syzkaller", 0 [pid 5941] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5942] <... memfd_create resumed>) = 3 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5942] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5942] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5942] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5942] close(3) = 0 [pid 5942] close(4) = 0 [pid 5942] mkdir("./file2", 0777) = 0 [pid 5942] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5942] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5942] chdir("./file2") = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5942] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5942] <... futex resumed>) = 1 [pid 5941] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... openat resumed>) = 4 [pid 5942] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5941] <... futex resumed>) = 0 [ 137.798400][ T5942] loop0: detected capacity change from 0 to 256 [ 137.825412][ T5942] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5941] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5941] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5941] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5943 attached => {parent_tid=[5943]}, 88) = 5943 [pid 5943] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], [pid 5943] <... rseq resumed>) = 0 [pid 5941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5943] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5941] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] rt_sigprocmask(SIG_SETMASK, [], [pid 5941] <... futex resumed>) = 0 [pid 5943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5941] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5941] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5941] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] <... openat resumed>) = 5 [pid 5942] <... ioctl resumed>) = 0 [pid 5943] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5942] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 0 [pid 5942] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] <... mmap resumed>) = 0x7f8a95dee000 [pid 5943] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5944 attached [pid 5944] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 5941] <... clone3 resumed> => {parent_tid=[5944]}, 88) = 5944 [pid 5944] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], [pid 5944] rt_sigprocmask(SIG_SETMASK, [], [pid 5941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5941] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5941] <... futex resumed>) = 0 [pid 5944] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5941] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] <... futex resumed>) = 0 [pid 5941] exit_group(0 [pid 5944] ???( [pid 5942] <... futex resumed>) = ? [pid 5944] <... ??? resumed>) = ? [pid 5943] <... futex resumed>) = ? [pid 5942] +++ exited with 0 +++ [pid 5941] <... exit_group resumed>) = ? [pid 5944] +++ exited with 0 +++ [pid 5943] +++ exited with 0 +++ [pid 5941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 138.026581][ T37] audit: type=1800 audit(1753855607.870:36): pid=5943 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=71 res=0 errno=0 openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5945 attached , child_tidptr=0x55555c67f690) = 5945 [pid 5945] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5945] chdir("./35") = 0 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5945] setpgid(0, 0) = 0 [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5945] write(3, "1000", 4) = 4 [pid 5945] close(3) = 0 [pid 5945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5945] write(1, "executing program\n", 18executing program ) = 18 [pid 5945] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5945] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5945] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5945] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5946 attached [pid 5946] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5945] <... clone3 resumed> => {parent_tid=[5946]}, 88) = 5946 [pid 5946] <... rseq resumed>) = 0 [pid 5945] rt_sigprocmask(SIG_SETMASK, [], [pid 5946] set_robust_list(0x7f8a95e509a0, 24 [pid 5945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5946] <... set_robust_list resumed>) = 0 [pid 5945] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] rt_sigprocmask(SIG_SETMASK, [], [pid 5945] <... futex resumed>) = 0 [pid 5946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5945] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5946] memfd_create("syzkaller", 0) = 3 [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5946] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5946] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5946] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5946] close(3) = 0 [pid 5946] close(4) = 0 [pid 5946] mkdir("./file2", 0777) = 0 [pid 5946] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5946] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5946] chdir("./file2") = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5946] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 138.509288][ T5946] loop0: detected capacity change from 0 to 256 [pid 5945] <... futex resumed>) = 0 [pid 5946] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5945] <... futex resumed>) = 0 [pid 5946] <... openat resumed>) = 4 [pid 5945] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] <... futex resumed>) = 0 [pid 5945] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5945] <... futex resumed>) = 0 [ 138.552527][ T5946] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5945] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5945] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5945] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5945] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5947 attached [pid 5947] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5945] <... clone3 resumed> => {parent_tid=[5947]}, 88) = 5947 [pid 5947] <... rseq resumed>) = 0 [pid 5947] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5947] rt_sigprocmask(SIG_SETMASK, [], [pid 5945] rt_sigprocmask(SIG_SETMASK, [], [pid 5947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5947] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5945] <... futex resumed>) = 0 [pid 5947] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5945] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... ioctl resumed>) = 0 [pid 5946] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] <... openat resumed>) = 5 [pid 5947] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5947] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = 0 [pid 5945] <... futex resumed>) = 1 [pid 5946] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5945] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5946] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = 0 [pid 5946] <... futex resumed>) = 1 [pid 5945] exit_group(0 [pid 5946] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] <... futex resumed>) = ? [pid 5945] <... exit_group resumed>) = ? [pid 5947] +++ exited with 0 +++ [pid 5946] <... futex resumed>) = ? [pid 5946] +++ exited with 0 +++ [pid 5945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 138.728344][ T37] audit: type=1800 audit(1753855608.570:37): pid=5947 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=73 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5948 attached [pid 5948] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5948 [pid 5948] <... set_robust_list resumed>) = 0 [pid 5948] chdir("./36") = 0 [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5948] setpgid(0, 0) = 0 [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5948] write(3, "1000", 4) = 4 [pid 5948] close(3) = 0 [pid 5948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5948] write(1, "executing program\n", 18executing program ) = 18 [pid 5948] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5948] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5948] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5948] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5948] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5949 attached [pid 5949] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5948] <... clone3 resumed> => {parent_tid=[5949]}, 88) = 5949 [pid 5948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5949] <... rseq resumed>) = 0 [pid 5948] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] set_robust_list(0x7f8a95e509a0, 24 [pid 5948] <... futex resumed>) = 0 [pid 5949] <... set_robust_list resumed>) = 0 [pid 5948] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5949] memfd_create("syzkaller", 0) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5949] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5949] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5949] close(3) = 0 [pid 5949] close(4) = 0 [pid 5949] mkdir("./file2", 0777) = 0 [pid 5949] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5949] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] chdir("./file2") = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5949] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5949] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] <... futex resumed>) = 0 [pid 5948] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = 1 [pid 5949] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5948] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... openat resumed>) = 4 [pid 5949] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5949] <... futex resumed>) = 1 [pid 5948] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5948] <... futex resumed>) = 0 [ 139.226738][ T5949] loop0: detected capacity change from 0 to 256 [ 139.257129][ T5949] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5948] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5948] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5948] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5948] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5948] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5950 attached [pid 5950] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5948] <... clone3 resumed> => {parent_tid=[5950]}, 88) = 5950 [pid 5950] <... rseq resumed>) = 0 [pid 5948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5948] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5948] <... futex resumed>) = 0 [pid 5950] <... set_robust_list resumed>) = 0 [pid 5948] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5950] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5950] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5949] <... ioctl resumed>) = 0 [pid 5950] <... openat resumed>) = 5 [pid 5949] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5949] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5950] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = 1 [pid 5949] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5948] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5949] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5949] <... futex resumed>) = 0 [pid 5948] exit_group(0 [pid 5950] <... futex resumed>) = ? [pid 5948] <... exit_group resumed>) = ? [pid 5950] +++ exited with 0 +++ [pid 5949] +++ exited with 0 +++ [pid 5948] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 139.409820][ T37] audit: type=1800 audit(1753855609.250:38): pid=5950 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=75 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5951 attached [pid 5951] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5951] chdir("./37" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5951 [pid 5951] <... chdir resumed>) = 0 [pid 5951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5951] setpgid(0, 0) = 0 [pid 5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5951] write(3, "1000", 4) = 4 [pid 5951] close(3) = 0 [pid 5951] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5951] write(1, "executing program\n", 18) = 18 executing program [pid 5951] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5951] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5951] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5951] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5951] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5952 attached => {parent_tid=[5952]}, 88) = 5952 [pid 5952] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5951] rt_sigprocmask(SIG_SETMASK, [], [pid 5952] <... rseq resumed>) = 0 [pid 5952] set_robust_list(0x7f8a95e509a0, 24 [pid 5951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5952] <... set_robust_list resumed>) = 0 [pid 5951] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5952] rt_sigprocmask(SIG_SETMASK, [], [pid 5951] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5952] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5952] memfd_create("syzkaller", 0) = 3 [pid 5952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5952] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5952] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5952] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5952] close(3) = 0 [pid 5952] close(4) = 0 [pid 5952] mkdir("./file2", 0777) = 0 [pid 5952] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [ 139.867397][ T5952] loop0: detected capacity change from 0 to 256 [pid 5952] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5952] chdir("./file2") = 0 [pid 5952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5952] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 0 [pid 5952] <... futex resumed>) = 1 [pid 5951] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5951] <... futex resumed>) = 0 [pid 5951] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] <... openat resumed>) = 4 [pid 5952] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5952] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... futex resumed>) = 0 [pid 5951] <... futex resumed>) = 1 [pid 5952] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 139.913055][ T5952] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5951] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5951] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5951] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5951] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5951] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5953 attached => {parent_tid=[5953]}, 88) = 5953 [pid 5953] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5951] rt_sigprocmask(SIG_SETMASK, [], [pid 5953] <... rseq resumed>) = 0 [pid 5953] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5953] <... set_robust_list resumed>) = 0 [pid 5951] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] rt_sigprocmask(SIG_SETMASK, [], [pid 5951] <... futex resumed>) = 0 [pid 5953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5951] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5952] <... ioctl resumed>) = 0 [pid 5952] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5952] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] <... openat resumed>) = 5 [pid 5953] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5951] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] <... futex resumed>) = 0 [pid 5952] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5952] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 0 [pid 5952] <... futex resumed>) = 1 [pid 5951] exit_group(0 [pid 5953] <... futex resumed>) = ? [pid 5953] +++ exited with 0 +++ [pid 5951] <... exit_group resumed>) = ? [pid 5952] +++ exited with 0 +++ [pid 5951] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5951, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 140.107737][ T37] audit: type=1800 audit(1753855609.950:39): pid=5953 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=77 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5954 attached [pid 5954] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5954] chdir("./38") = 0 [pid 5954] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5954 [pid 5954] <... prctl resumed>) = 0 [pid 5954] setpgid(0, 0) = 0 [pid 5954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5954] write(3, "1000", 4) = 4 [pid 5954] close(3) = 0 [pid 5954] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5954] write(1, "executing program\n", 18executing program ) = 18 [pid 5954] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5954] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5954] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5954] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5954] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5955 attached [pid 5955] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5954] <... clone3 resumed> => {parent_tid=[5955]}, 88) = 5955 [pid 5955] set_robust_list(0x7f8a95e509a0, 24 [pid 5954] rt_sigprocmask(SIG_SETMASK, [], [pid 5955] <... set_robust_list resumed>) = 0 [pid 5954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5955] rt_sigprocmask(SIG_SETMASK, [], [pid 5954] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5954] <... futex resumed>) = 0 [pid 5955] memfd_create("syzkaller", 0 [pid 5954] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5955] <... memfd_create resumed>) = 3 [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5955] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5955] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5955] close(3) = 0 [pid 5955] close(4) = 0 [pid 5955] mkdir("./file2", 0777) = 0 [pid 5955] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5955] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5955] chdir("./file2") = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5955] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = 0 [pid 5955] <... futex resumed>) = 1 [pid 5954] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5954] <... futex resumed>) = 0 [pid 5954] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... openat resumed>) = 4 [pid 5955] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5955] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... futex resumed>) = 0 [ 140.548435][ T5955] loop0: detected capacity change from 0 to 256 [ 140.575717][ T5955] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5955] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5954] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5954] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5954] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5954] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5954] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5956 attached [pid 5956] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5954] <... clone3 resumed> => {parent_tid=[5956]}, 88) = 5956 [pid 5956] <... rseq resumed>) = 0 [pid 5956] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5954] rt_sigprocmask(SIG_SETMASK, [], [pid 5956] <... set_robust_list resumed>) = 0 [pid 5956] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5956] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5954] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... ioctl resumed>) = 0 [pid 5955] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... openat resumed>) = 5 [pid 5955] <... futex resumed>) = 0 [pid 5956] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] <... futex resumed>) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5956] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... futex resumed>) = 0 [pid 5954] <... futex resumed>) = 1 [pid 5955] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5954] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5955] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5955] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] exit_group(0) = ? [pid 5955] <... futex resumed>) = ? [pid 5956] <... futex resumed>) = ? [pid 5956] +++ exited with 0 +++ [pid 5955] +++ exited with 0 +++ [pid 5954] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5954, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 140.796690][ T37] audit: type=1800 audit(1753855610.640:40): pid=5956 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=79 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5957 attached [pid 5957] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5957] chdir("./39") = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5957 [pid 5957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5957] setpgid(0, 0) = 0 [pid 5957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5957] write(3, "1000", 4) = 4 [pid 5957] close(3) = 0 [pid 5957] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5957] write(1, "executing program\n", 18) = 18 [pid 5957] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5957] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5957] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5957] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5957] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0} => {parent_tid=[5958]}, 88) = 5958 ./strace-static-x86_64: Process 5958 attached [pid 5958] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5957] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... rseq resumed>) = 0 [pid 5958] set_robust_list(0x7f8a95e509a0, 24 [pid 5957] <... futex resumed>) = 0 [pid 5958] <... set_robust_list resumed>) = 0 [pid 5957] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5958] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5958] memfd_create("syzkaller", 0) = 3 [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5958] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5958] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5958] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5958] close(3) = 0 [pid 5958] close(4) = 0 [pid 5958] mkdir("./file2", 0777) = 0 [pid 5958] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5958] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5958] chdir("./file2") = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5958] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5957] <... futex resumed>) = 0 [pid 5958] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5958] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5957] <... futex resumed>) = 0 [pid 5957] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5958] <... openat resumed>) = 4 [pid 5958] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5957] <... futex resumed>) = 0 [pid 5958] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5957] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5957] <... futex resumed>) = 0 [ 141.301519][ T5958] loop0: detected capacity change from 0 to 256 [ 141.331592][ T5958] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5957] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5957] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5957] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5957] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5959 attached [pid 5959] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5959] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5959] rt_sigprocmask(SIG_SETMASK, [], [pid 5957] <... clone3 resumed> => {parent_tid=[5959]}, 88) = 5959 [pid 5959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5957] rt_sigprocmask(SIG_SETMASK, [], [pid 5959] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5957] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = 0 [pid 5959] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5957] <... futex resumed>) = 1 [pid 5957] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5958] <... ioctl resumed>) = 0 [pid 5959] <... openat resumed>) = 5 [pid 5958] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5958] <... futex resumed>) = 0 [pid 5957] <... futex resumed>) = 0 [pid 5958] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = 0 [pid 5957] <... futex resumed>) = 1 [pid 5958] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5957] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5958] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5958] <... futex resumed>) = 0 [pid 5957] exit_group(0 [pid 5958] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] <... exit_group resumed>) = ? [pid 5959] <... futex resumed>) = ? [pid 5958] <... futex resumed>) = ? [pid 5959] +++ exited with 0 +++ [pid 5958] +++ exited with 0 +++ [pid 5957] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5957, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 141.516686][ T37] audit: type=1800 audit(1753855611.360:41): pid=5959 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=81 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5962 attached [pid 5962] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5962 [pid 5962] <... set_robust_list resumed>) = 0 [pid 5962] chdir("./40") = 0 [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5962] setpgid(0, 0) = 0 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5962] write(3, "1000", 4) = 4 [pid 5962] close(3) = 0 [pid 5962] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5962] write(1, "executing program\n", 18executing program ) = 18 [pid 5962] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5962] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5962] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5962] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5963 attached [pid 5963] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5962] <... clone3 resumed> => {parent_tid=[5963]}, 88) = 5963 [pid 5963] set_robust_list(0x7f8a95e509a0, 24 [pid 5962] rt_sigprocmask(SIG_SETMASK, [], [pid 5963] <... set_robust_list resumed>) = 0 [pid 5962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5963] rt_sigprocmask(SIG_SETMASK, [], [pid 5962] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5962] <... futex resumed>) = 0 [pid 5963] memfd_create("syzkaller", 0 [pid 5962] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5963] <... memfd_create resumed>) = 3 [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5963] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5963] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5963] close(3) = 0 [pid 5963] close(4) = 0 [pid 5963] mkdir("./file2", 0777) = 0 [pid 5963] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5963] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5963] chdir("./file2") = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5963] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] <... openat resumed>) = 4 [pid 5963] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... futex resumed>) = 0 [pid 5963] <... futex resumed>) = 1 [pid 5962] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5962] <... futex resumed>) = 0 [ 142.042896][ T5963] loop0: detected capacity change from 0 to 256 [ 142.070555][ T5963] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5962] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5962] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5962] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5962] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5964 attached => {parent_tid=[5964]}, 88) = 5964 [pid 5964] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5962] rt_sigprocmask(SIG_SETMASK, [], [pid 5964] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5964] rt_sigprocmask(SIG_SETMASK, [], [pid 5962] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5962] <... futex resumed>) = 0 [pid 5964] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5962] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] <... ioctl resumed>) = 0 [pid 5964] <... openat resumed>) = 5 [pid 5964] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5962] <... futex resumed>) = 0 [pid 5963] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] <... futex resumed>) = 0 [pid 5963] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5962] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5963] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] exit_group(0 [pid 5963] <... futex resumed>) = ? [pid 5962] <... exit_group resumed>) = ? [pid 5963] +++ exited with 0 +++ [pid 5964] +++ exited with 0 +++ [pid 5962] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5962, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 142.246543][ T37] audit: type=1800 audit(1753855612.090:42): pid=5964 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=83 res=0 errno=0 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5967 attached [pid 5967] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5967] chdir("./41") = 0 [pid 5967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5967] setpgid(0, 0) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5967 [pid 5967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5967] write(3, "1000", 4) = 4 [pid 5967] close(3) = 0 [pid 5967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5967] write(1, "executing program\n", 18executing program ) = 18 [pid 5967] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5967] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5967] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5967] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5968 attached => {parent_tid=[5968]}, 88) = 5968 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], [pid 5968] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5968] <... rseq resumed>) = 0 [pid 5968] set_robust_list(0x7f8a95e509a0, 24 [pid 5967] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5968] <... set_robust_list resumed>) = 0 [pid 5968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5968] memfd_create("syzkaller", 0) = 3 [pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5968] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5968] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5968] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5968] close(3) = 0 [pid 5968] close(4) = 0 [pid 5968] mkdir("./file2", 0777) = 0 [pid 5968] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5968] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5968] chdir("./file2") = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5968] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5968] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5967] <... futex resumed>) = 0 [pid 5967] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... openat resumed>) = 4 [pid 5968] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5968] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] <... futex resumed>) = 0 [pid 5968] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5967] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 142.709502][ T5968] loop0: detected capacity change from 0 to 256 [ 142.736270][ T5968] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5967] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5967] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5967] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5969 attached [pid 5969] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5967] <... clone3 resumed> => {parent_tid=[5969]}, 88) = 5969 [pid 5969] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], [pid 5969] <... set_robust_list resumed>) = 0 [pid 5969] rt_sigprocmask(SIG_SETMASK, [], [pid 5967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5969] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5967] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... ioctl resumed>) = 0 [pid 5969] <... openat resumed>) = 5 [pid 5968] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = 0 [pid 5969] <... futex resumed>) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5969] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] <... futex resumed>) = 0 [pid 5968] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5967] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5968] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5968] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] exit_group(0 [pid 5969] <... futex resumed>) = ? [pid 5968] <... futex resumed>) = ? [pid 5967] <... exit_group resumed>) = ? [pid 5969] +++ exited with 0 +++ [pid 5968] +++ exited with 0 +++ [pid 5967] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5967, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 142.886664][ T37] audit: type=1800 audit(1753855612.730:43): pid=5969 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=85 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5971 attached [pid 5971] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5971 [pid 5971] chdir("./42") = 0 [pid 5971] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5971] setpgid(0, 0) = 0 [pid 5971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5971] write(3, "1000", 4) = 4 [pid 5971] close(3) = 0 [pid 5971] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5971] write(1, "executing program\n", 18executing program ) = 18 [pid 5971] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5971] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5971] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5971] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5971] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5972 attached [pid 5972] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5971] <... clone3 resumed> => {parent_tid=[5972]}, 88) = 5972 [pid 5972] set_robust_list(0x7f8a95e509a0, 24 [pid 5971] rt_sigprocmask(SIG_SETMASK, [], [pid 5972] <... set_robust_list resumed>) = 0 [pid 5972] rt_sigprocmask(SIG_SETMASK, [], [pid 5971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5972] memfd_create("syzkaller", 0 [pid 5971] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... memfd_create resumed>) = 3 [pid 5971] <... futex resumed>) = 0 [pid 5972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5971] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5972] <... mmap resumed>) = 0x7f8a8da30000 [pid 5972] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5972] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5972] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5972] close(3) = 0 [pid 5972] close(4) = 0 [pid 5972] mkdir("./file2", 0777) = 0 [pid 5972] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5972] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5972] chdir("./file2") = 0 [pid 5972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5972] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5972] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 0 [pid 5971] <... futex resumed>) = 1 [pid 5971] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5972] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5972] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5972] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5971] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 143.416487][ T5972] loop0: detected capacity change from 0 to 256 [ 143.453508][ T5972] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5971] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5971] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5971] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5971] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5971] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5973 attached => {parent_tid=[5973]}, 88) = 5973 [pid 5973] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5971] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5973] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5971] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... set_robust_list resumed>) = 0 [pid 5973] rt_sigprocmask(SIG_SETMASK, [], [pid 5971] <... futex resumed>) = 0 [pid 5973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5971] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5972] <... ioctl resumed>) = 0 [pid 5973] <... openat resumed>) = 5 [pid 5972] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5972] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5973] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5973] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 0 [pid 5971] <... futex resumed>) = 1 [pid 5972] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5971] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5972] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5972] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] exit_group(0 [pid 5973] <... futex resumed>) = ? [pid 5972] <... futex resumed>) = ? [pid 5973] +++ exited with 0 +++ [pid 5971] <... exit_group resumed>) = ? [pid 5972] +++ exited with 0 +++ [pid 5971] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5971, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 143.636693][ T37] audit: type=1800 audit(1753855613.480:44): pid=5973 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=87 res=0 errno=0 newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5974 attached [pid 5974] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5974] chdir("./43") = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5974 [pid 5974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5974] setpgid(0, 0) = 0 [pid 5974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5974] write(3, "1000", 4) = 4 [pid 5974] close(3) = 0 [pid 5974] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5974] write(1, "executing program\n", 18executing program ) = 18 [pid 5974] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5974] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5974] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5974] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5975 attached [pid 5975] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5974] <... clone3 resumed> => {parent_tid=[5975]}, 88) = 5975 [pid 5975] <... rseq resumed>) = 0 [pid 5974] rt_sigprocmask(SIG_SETMASK, [], [pid 5975] set_robust_list(0x7f8a95e509a0, 24 [pid 5974] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5975] <... set_robust_list resumed>) = 0 [pid 5975] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5975] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5974] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5975] memfd_create("syzkaller", 0) = 3 [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5975] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5975] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5975] close(3) = 0 [pid 5975] close(4) = 0 [pid 5975] mkdir("./file2", 0777) = 0 [pid 5975] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5975] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5975] chdir("./file2") = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5975] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... futex resumed>) = 0 [pid 5975] <... futex resumed>) = 1 [pid 5974] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5974] <... futex resumed>) = 0 [pid 5974] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... openat resumed>) = 4 [pid 5975] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5975] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5975] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 144.058963][ T5975] loop0: detected capacity change from 0 to 256 [ 144.092709][ T5975] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5974] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5974] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5974] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5974] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5976 attached [pid 5976] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5974] <... clone3 resumed> => {parent_tid=[5976]}, 88) = 5976 [pid 5976] <... rseq resumed>) = 0 [pid 5976] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5974] rt_sigprocmask(SIG_SETMASK, [], [pid 5976] <... set_robust_list resumed>) = 0 [pid 5976] rt_sigprocmask(SIG_SETMASK, [], [pid 5974] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5974] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5974] <... futex resumed>) = 0 [pid 5974] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... ioctl resumed>) = 0 [pid 5975] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... openat resumed>) = 5 [pid 5975] <... futex resumed>) = 0 [pid 5976] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] <... futex resumed>) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5976] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... futex resumed>) = 0 [pid 5974] <... futex resumed>) = 1 [pid 5975] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5975] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5975] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] exit_group(0 [pid 5975] <... futex resumed>) = ? [pid 5974] <... exit_group resumed>) = ? [pid 5976] <... futex resumed>) = ? [pid 5976] +++ exited with 0 +++ [pid 5975] +++ exited with 0 +++ [pid 5974] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5974, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 144.266582][ T37] audit: type=1800 audit(1753855614.110:45): pid=5976 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=89 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5978 attached , child_tidptr=0x55555c67f690) = 5978 [pid 5978] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5978] chdir("./44") = 0 [pid 5978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5978] setpgid(0, 0) = 0 [pid 5978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5978] write(3, "1000", 4) = 4 [pid 5978] close(3) = 0 [pid 5978] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5978] write(1, "executing program\n", 18executing program ) = 18 [pid 5978] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5978] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5978] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5978] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5978] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5979 attached [pid 5979] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5978] <... clone3 resumed> => {parent_tid=[5979]}, 88) = 5979 [pid 5979] set_robust_list(0x7f8a95e509a0, 24 [pid 5978] rt_sigprocmask(SIG_SETMASK, [], [pid 5979] <... set_robust_list resumed>) = 0 [pid 5978] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5979] rt_sigprocmask(SIG_SETMASK, [], [pid 5978] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5978] <... futex resumed>) = 0 [pid 5979] memfd_create("syzkaller", 0 [pid 5978] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5979] <... memfd_create resumed>) = 3 [pid 5979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5979] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5979] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5979] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5979] close(3) = 0 [pid 5979] close(4) = 0 [pid 5979] mkdir("./file2", 0777) = 0 [pid 5979] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5979] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5979] chdir("./file2") = 0 [pid 5979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5979] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5979] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5978] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... openat resumed>) = 4 [pid 5979] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5979] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5979] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5978] <... futex resumed>) = 0 [ 144.841291][ T5979] loop0: detected capacity change from 0 to 256 [ 144.867189][ T5979] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5978] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5978] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5978] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5978] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5978] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5980 attached [pid 5980] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5978] <... clone3 resumed> => {parent_tid=[5980]}, 88) = 5980 [pid 5978] rt_sigprocmask(SIG_SETMASK, [], [pid 5980] <... rseq resumed>) = 0 [pid 5978] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5978] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5978] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5980] <... set_robust_list resumed>) = 0 [pid 5980] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5980] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5979] <... ioctl resumed>) = 0 [pid 5980] <... openat resumed>) = 5 [pid 5979] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5979] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5978] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] <... futex resumed>) = 0 [pid 5978] <... futex resumed>) = 1 [pid 5980] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5979] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5978] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5979] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5979] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] exit_group(0 [pid 5980] <... futex resumed>) = ? [pid 5979] <... futex resumed>) = ? [pid 5978] <... exit_group resumed>) = ? [pid 5980] +++ exited with 0 +++ [pid 5979] +++ exited with 0 +++ [pid 5978] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5978, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 145.046826][ T37] audit: type=1800 audit(1753855614.890:46): pid=5980 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=91 res=0 errno=0 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5981 attached [pid 5981] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5981 [pid 5981] <... set_robust_list resumed>) = 0 [pid 5981] chdir("./45") = 0 [pid 5981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5981] setpgid(0, 0) = 0 [pid 5981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5981] write(3, "1000", 4) = 4 [pid 5981] close(3) = 0 [pid 5981] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5981] write(1, "executing program\n", 18) = 18 [pid 5981] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5981] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5981] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5981] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5981] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5982 attached => {parent_tid=[5982]}, 88) = 5982 [pid 5982] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5981] rt_sigprocmask(SIG_SETMASK, [], [pid 5982] <... rseq resumed>) = 0 [pid 5981] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5982] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 5981] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] rt_sigprocmask(SIG_SETMASK, [], [pid 5981] <... futex resumed>) = 0 [pid 5982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5981] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5982] memfd_create("syzkaller", 0) = 3 [pid 5982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5982] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5982] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5982] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5982] close(3) = 0 [pid 5982] close(4) = 0 [pid 5982] mkdir("./file2", 0777) = 0 [pid 5982] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5982] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5982] chdir("./file2") = 0 [pid 5982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5982] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] <... futex resumed>) = 0 [pid 5982] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5981] <... futex resumed>) = 0 [pid 5982] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5981] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] <... openat resumed>) = 4 [pid 5982] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] <... futex resumed>) = 0 [pid 5982] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5981] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5981] <... futex resumed>) = 0 [ 145.500797][ T5982] loop0: detected capacity change from 0 to 256 [ 145.528694][ T5982] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5981] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5981] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5981] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5981] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5981] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5983 attached [pid 5983] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5981] <... clone3 resumed> => {parent_tid=[5983]}, 88) = 5983 [pid 5983] <... rseq resumed>) = 0 [pid 5983] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5981] rt_sigprocmask(SIG_SETMASK, [], [pid 5983] <... set_robust_list resumed>) = 0 [pid 5981] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5983] rt_sigprocmask(SIG_SETMASK, [], [pid 5981] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5981] <... futex resumed>) = 0 [pid 5983] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5981] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5981] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 5981] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 5982] <... ioctl resumed>) = 0 [pid 5981] <... mprotect resumed>) = 0 [pid 5983] <... openat resumed>) = 5 [pid 5981] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5981] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0} [pid 5983] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = 0 [pid 5982] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5984 attached [pid 5983] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] <... clone3 resumed> => {parent_tid=[5984]}, 88) = 5984 [pid 5981] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5981] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5984] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 5984] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 5984] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5984] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5984] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] <... futex resumed>) = 0 [pid 5984] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] exit_group(0 [pid 5984] <... futex resumed>) = ? [pid 5983] <... futex resumed>) = ? [pid 5982] <... futex resumed>) = ? [pid 5981] <... exit_group resumed>) = ? [pid 5984] +++ exited with 0 +++ [pid 5982] +++ exited with 0 +++ [pid 5983] +++ exited with 0 +++ [pid 5981] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5981, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 145.767154][ T37] audit: type=1800 audit(1753855615.610:47): pid=5983 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=93 res=0 errno=0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5985 attached [pid 5985] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5985] chdir("./46" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5985 [pid 5985] <... chdir resumed>) = 0 [pid 5985] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5985] setpgid(0, 0) = 0 [pid 5985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5985] write(3, "1000", 4) = 4 [pid 5985] close(3) = 0 [pid 5985] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5985] write(1, "executing program\n", 18) = 18 [pid 5985] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5985] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5985] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5985] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5985] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5986 attached [pid 5986] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5985] <... clone3 resumed> => {parent_tid=[5986]}, 88) = 5986 [pid 5986] set_robust_list(0x7f8a95e509a0, 24 [pid 5985] rt_sigprocmask(SIG_SETMASK, [], [pid 5986] <... set_robust_list resumed>) = 0 [pid 5985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5986] rt_sigprocmask(SIG_SETMASK, [], [pid 5985] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5985] <... futex resumed>) = 0 [pid 5986] memfd_create("syzkaller", 0 [pid 5985] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5986] <... memfd_create resumed>) = 3 [pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5986] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5986] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5986] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5986] close(3) = 0 [pid 5986] close(4) = 0 [pid 5986] mkdir("./file2", 0777) = 0 [pid 5986] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5986] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5986] chdir("./file2") = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5986] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] <... futex resumed>) = 0 [pid 5985] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5985] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... openat resumed>) = 4 [pid 5986] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] <... futex resumed>) = 0 [pid 5986] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5985] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = 0 [pid 5985] <... futex resumed>) = 1 [pid 5986] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 146.326395][ T5986] loop0: detected capacity change from 0 to 256 [pid 5985] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 146.365701][ T5986] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5985] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5985] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5985] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5987 attached [pid 5987] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5985] <... clone3 resumed> => {parent_tid=[5987]}, 88) = 5987 [pid 5987] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5985] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5987] <... set_robust_list resumed>) = 0 [pid 5987] rt_sigprocmask(SIG_SETMASK, [], [pid 5985] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5985] <... futex resumed>) = 0 [pid 5987] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5985] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... ioctl resumed>) = 0 [pid 5986] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5987] <... openat resumed>) = 5 [pid 5987] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] <... futex resumed>) = 0 [pid 5987] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5985] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = 0 [pid 5985] <... futex resumed>) = 1 [pid 5986] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5985] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] <... futex resumed>) = 0 [pid 5986] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5985] exit_group(0 [pid 5987] <... futex resumed>) = ? [pid 5986] <... futex resumed>) = ? [pid 5985] <... exit_group resumed>) = ? [pid 5987] +++ exited with 0 +++ [pid 5986] +++ exited with 0 +++ [pid 5985] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5985, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 146.507756][ T37] audit: type=1800 audit(1753855616.350:48): pid=5987 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=95 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5988 attached [pid 5988] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5988 [pid 5988] chdir("./47") = 0 [pid 5988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5988] setpgid(0, 0) = 0 [pid 5988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5988] write(3, "1000", 4) = 4 [pid 5988] close(3) = 0 [pid 5988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5988] write(1, "executing program\n", 18executing program ) = 18 [pid 5988] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5988] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5988] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5989 attached [pid 5989] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5988] <... clone3 resumed> => {parent_tid=[5989]}, 88) = 5989 [pid 5989] <... rseq resumed>) = 0 [pid 5988] rt_sigprocmask(SIG_SETMASK, [], [pid 5989] set_robust_list(0x7f8a95e509a0, 24 [pid 5988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5989] <... set_robust_list resumed>) = 0 [pid 5988] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5988] <... futex resumed>) = 0 [pid 5989] memfd_create("syzkaller", 0 [pid 5988] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5989] <... memfd_create resumed>) = 3 [pid 5989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5989] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5989] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5989] close(3) = 0 [pid 5989] close(4) = 0 [pid 5989] mkdir("./file2", 0777) = 0 [pid 5989] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5989] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5989] chdir("./file2") = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5989] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5989] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5988] <... futex resumed>) = 0 [pid 5988] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] <... futex resumed>) = 0 [pid 5988] <... futex resumed>) = 1 [pid 5989] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5988] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5989] <... openat resumed>) = 4 [pid 5989] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5988] <... futex resumed>) = 0 [pid 5989] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5988] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5988] <... futex resumed>) = 0 [ 147.005212][ T5989] loop0: detected capacity change from 0 to 256 [pid 5989] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 147.038267][ T5989] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5988] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5988] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5988] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5990 attached => {parent_tid=[5990]}, 88) = 5990 [pid 5990] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5988] rt_sigprocmask(SIG_SETMASK, [], [pid 5990] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5990] rt_sigprocmask(SIG_SETMASK, [], [pid 5988] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5988] <... futex resumed>) = 0 [pid 5990] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5988] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5988] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 5989] <... ioctl resumed>) = 0 [pid 5988] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 5989] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... mprotect resumed>) = 0 [pid 5989] <... futex resumed>) = 0 [pid 5989] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5990] <... openat resumed>) = 5 [pid 5988] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5990] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5990] <... futex resumed>) = 0 [pid 5988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5991 attached [pid 5990] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5991] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 5988] <... clone3 resumed> => {parent_tid=[5991]}, 88) = 5991 [pid 5991] set_robust_list(0x7f8a95e0e9a0, 24 [pid 5988] rt_sigprocmask(SIG_SETMASK, [], [pid 5991] <... set_robust_list resumed>) = 0 [pid 5988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5991] rt_sigprocmask(SIG_SETMASK, [], [pid 5988] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5988] <... futex resumed>) = 0 [pid 5991] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5988] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5991] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5991] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... futex resumed>) = 0 [pid 5991] <... futex resumed>) = 1 [pid 5988] exit_group(0 [pid 5991] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5990] <... futex resumed>) = ? [pid 5991] +++ exited with 0 +++ [pid 5990] +++ exited with 0 +++ [pid 5988] <... exit_group resumed>) = ? [pid 5989] <... futex resumed>) = ? [pid 5989] +++ exited with 0 +++ [pid 5988] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5988, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 147.203790][ T37] audit: type=1800 audit(1753855617.040:49): pid=5990 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=97 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5992 attached , child_tidptr=0x55555c67f690) = 5992 [pid 5992] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5992] chdir("./48") = 0 [pid 5992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5992] setpgid(0, 0) = 0 [pid 5992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5992] write(3, "1000", 4) = 4 [pid 5992] close(3) = 0 [pid 5992] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5992] write(1, "executing program\n", 18executing program ) = 18 [pid 5992] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5992] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5992] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5992] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5992] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5993 attached [pid 5993] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 5992] <... clone3 resumed> => {parent_tid=[5993]}, 88) = 5993 [pid 5993] <... rseq resumed>) = 0 [pid 5993] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 5992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5993] rt_sigprocmask(SIG_SETMASK, [], [pid 5992] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5993] memfd_create("syzkaller", 0 [pid 5992] <... futex resumed>) = 0 [pid 5992] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5993] <... memfd_create resumed>) = 3 [pid 5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5993] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5993] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5993] close(3) = 0 [pid 5993] close(4) = 0 [pid 5993] mkdir("./file2", 0777) = 0 [pid 5993] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5993] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5993] chdir("./file2") = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5993] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] <... futex resumed>) = 0 [pid 5992] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5993] <... futex resumed>) = 1 [pid 5993] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5993] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5992] <... futex resumed>) = 0 [pid 5993] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 147.787334][ T5993] loop0: detected capacity change from 0 to 256 [pid 5993] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5992] <... futex resumed>) = 0 [ 147.830086][ T5993] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5992] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5992] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5992] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5992] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5992] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5994 attached [pid 5994] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5994] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5992] <... clone3 resumed> => {parent_tid=[5994]}, 88) = 5994 [pid 5994] rt_sigprocmask(SIG_SETMASK, [], [pid 5992] rt_sigprocmask(SIG_SETMASK, [], [pid 5994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5994] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5992] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] <... futex resumed>) = 0 [pid 5992] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5992] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5992] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 5994] <... openat resumed>) = 5 [pid 5993] <... ioctl resumed>) = 0 [pid 5992] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 5993] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5994] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] <... mprotect resumed>) = 0 [pid 5992] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5992] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 5995 attached [pid 5995] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 5995] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 5992] <... clone3 resumed> => {parent_tid=[5995]}, 88) = 5995 [pid 5995] rt_sigprocmask(SIG_SETMASK, [], [pid 5992] rt_sigprocmask(SIG_SETMASK, [], [pid 5995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5995] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5992] <... futex resumed>) = 0 [pid 5995] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5992] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5995] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5995] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] <... futex resumed>) = 0 [pid 5992] <... futex resumed>) = 0 [pid 5995] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5994] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] exit_group(0 [pid 5995] <... futex resumed>) = ? [pid 5994] <... futex resumed>) = ? [pid 5992] <... exit_group resumed>) = ? [pid 5995] +++ exited with 0 +++ [pid 5994] +++ exited with 0 +++ [pid 5993] <... futex resumed>) = ? [pid 5993] +++ exited with 0 +++ [pid 5992] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5992, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 148.007224][ T37] audit: type=1800 audit(1753855617.850:50): pid=5994 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=99 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5996 attached , child_tidptr=0x55555c67f690) = 5996 [pid 5996] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5996] chdir("./49") = 0 [pid 5996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5996] setpgid(0, 0) = 0 [pid 5996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5996] write(3, "1000", 4) = 4 [pid 5996] close(3) = 0 [pid 5996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5996] write(1, "executing program\n", 18executing program ) = 18 [pid 5996] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5996] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5996] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5996] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5996] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5996] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 5997 attached [pid 5997] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 5996] <... clone3 resumed> => {parent_tid=[5997]}, 88) = 5997 [pid 5997] set_robust_list(0x7f8a95e509a0, 24 [pid 5996] rt_sigprocmask(SIG_SETMASK, [], [pid 5997] <... set_robust_list resumed>) = 0 [pid 5997] rt_sigprocmask(SIG_SETMASK, [], [pid 5996] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5997] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5996] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5997] memfd_create("syzkaller", 0 [pid 5996] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5997] <... memfd_create resumed>) = 3 [pid 5997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 5997] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5997] munmap(0x7f8a8da30000, 138412032) = 0 [pid 5997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5997] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5997] close(3) = 0 [pid 5997] close(4) = 0 [pid 5997] mkdir("./file2", 0777) = 0 [pid 5997] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 5997] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5997] chdir("./file2") = 0 [pid 5997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 148.472354][ T5997] loop0: detected capacity change from 0 to 256 [pid 5997] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] <... futex resumed>) = 0 [pid 5997] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5996] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5996] <... futex resumed>) = 0 [pid 5997] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5996] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5997] <... openat resumed>) = 4 [pid 5997] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] <... futex resumed>) = 0 [pid 5997] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5996] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5997] <... futex resumed>) = 0 [pid 5997] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5996] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5996] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 148.522420][ T5997] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5996] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5996] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5996] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 5998 attached [pid 5998] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5996] <... clone3 resumed> => {parent_tid=[5998]}, 88) = 5998 [pid 5998] set_robust_list(0x7f8a95e2f9a0, 24 [pid 5996] rt_sigprocmask(SIG_SETMASK, [], [pid 5998] <... set_robust_list resumed>) = 0 [pid 5996] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5998] rt_sigprocmask(SIG_SETMASK, [], [pid 5996] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5996] <... futex resumed>) = 0 [pid 5998] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5996] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5997] <... ioctl resumed>) = 0 [pid 5997] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... openat resumed>) = 5 [pid 5996] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5998] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = 0 [pid 5996] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = 0 [pid 5996] <... futex resumed>) = 0 [pid 5996] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 5997] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] <... futex resumed>) = 0 [pid 5997] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5996] exit_group(0 [pid 5998] <... futex resumed>) = ? [pid 5997] <... futex resumed>) = ? [pid 5996] <... exit_group resumed>) = ? [pid 5998] +++ exited with 0 +++ [pid 5997] +++ exited with 0 +++ [pid 5996] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5996, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 148.696780][ T37] audit: type=1800 audit(1753855618.540:51): pid=5998 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=101 res=0 errno=0 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5999 attached [pid 5999] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 5999 [pid 5999] <... set_robust_list resumed>) = 0 [pid 5999] chdir("./50") = 0 [pid 5999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5999] setpgid(0, 0) = 0 [pid 5999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5999] write(3, "1000", 4) = 4 [pid 5999] close(3) = 0 [pid 5999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5999] write(1, "executing program\n", 18executing program ) = 18 [pid 5999] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 5999] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 5999] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5999] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6000 attached [pid 6000] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6000] set_robust_list(0x7f8a95e509a0, 24 [pid 5999] <... clone3 resumed> => {parent_tid=[6000]}, 88) = 6000 [pid 6000] <... set_robust_list resumed>) = 0 [pid 5999] rt_sigprocmask(SIG_SETMASK, [], [pid 6000] rt_sigprocmask(SIG_SETMASK, [], [pid 5999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6000] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5999] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] memfd_create("syzkaller", 0 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6000] <... memfd_create resumed>) = 3 [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6000] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6000] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6000] close(3) = 0 [pid 6000] close(4) = 0 [pid 6000] mkdir("./file2", 0777) = 0 [pid 6000] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [ 149.167168][ T6000] loop0: detected capacity change from 0 to 256 [pid 6000] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6000] chdir("./file2") = 0 [pid 6000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6000] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6000] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6000] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5999] <... futex resumed>) = 0 [ 149.214684][ T6000] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 5999] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... openat resumed>) = 4 [pid 6000] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 6000] <... futex resumed>) = 1 [pid 5999] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5999] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 5999] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5999] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6001 attached [pid 6001] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 5999] <... clone3 resumed> => {parent_tid=[6001]}, 88) = 6001 [pid 6001] <... rseq resumed>) = 0 [pid 5999] rt_sigprocmask(SIG_SETMASK, [], [pid 6001] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 5999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5999] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5999] <... futex resumed>) = 0 [pid 6001] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 5999] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6001] <... openat resumed>) = 5 [pid 6001] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6001] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5999] <... futex resumed>) = 0 [pid 6001] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 5999] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6001] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6000] <... ioctl resumed>) = 0 [pid 6000] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6000] <... futex resumed>) = 0 [pid 5999] exit_group(0 [pid 6001] <... futex resumed>) = ? [pid 6000] +++ exited with 0 +++ [pid 5999] <... exit_group resumed>) = ? [pid 6001] +++ exited with 0 +++ [pid 5999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5999, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6002 attached , child_tidptr=0x55555c67f690) = 6002 [pid 6002] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6002] chdir("./51") = 0 [pid 6002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6002] setpgid(0, 0) = 0 [pid 6002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6002] write(3, "1000", 4) = 4 [pid 6002] close(3) = 0 [pid 6002] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6002] write(1, "executing program\n", 18) = 18 [pid 6002] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6002] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6002] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6002] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6002] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6003 attached [pid 6003] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6002] <... clone3 resumed> => {parent_tid=[6003]}, 88) = 6003 [pid 6003] set_robust_list(0x7f8a95e509a0, 24 [pid 6002] rt_sigprocmask(SIG_SETMASK, [], [pid 6003] <... set_robust_list resumed>) = 0 [pid 6002] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6003] rt_sigprocmask(SIG_SETMASK, [], [pid 6002] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6003] memfd_create("syzkaller", 0 [pid 6002] <... futex resumed>) = 0 [pid 6002] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6003] <... memfd_create resumed>) = 3 [pid 6003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6003] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6003] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6003] close(3) = 0 [pid 6003] close(4) = 0 [pid 6003] mkdir("./file2", 0777) = 0 [pid 6003] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6003] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 149.923657][ T6003] loop0: detected capacity change from 0 to 256 [pid 6003] chdir("./file2") = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6003] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6002] <... futex resumed>) = 0 [pid 6002] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6003] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6002] <... futex resumed>) = 0 [pid 6002] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] <... openat resumed>) = 4 [pid 6003] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6003] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] <... futex resumed>) = 0 [pid 6002] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6003] <... futex resumed>) = 0 [pid 6002] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 149.962603][ T6003] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6003] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6002] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6002] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6002] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6002] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6002] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6004 attached [pid 6004] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6002] <... clone3 resumed> => {parent_tid=[6004]}, 88) = 6004 [pid 6004] <... rseq resumed>) = 0 [pid 6002] rt_sigprocmask(SIG_SETMASK, [], [pid 6004] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6002] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6004] <... set_robust_list resumed>) = 0 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], [pid 6002] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6002] <... futex resumed>) = 0 [pid 6004] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6002] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] <... ioctl resumed>) = 0 [pid 6003] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] <... openat resumed>) = 5 [pid 6003] <... futex resumed>) = 0 [pid 6004] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6003] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] <... futex resumed>) = 1 [pid 6002] <... futex resumed>) = 0 [pid 6004] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6003] <... futex resumed>) = 0 [pid 6002] <... futex resumed>) = 1 [pid 6003] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6002] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6003] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... futex resumed>) = 0 [pid 6003] <... futex resumed>) = 1 [pid 6002] exit_group(0 [pid 6003] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6003] +++ exited with 0 +++ [pid 6004] <... futex resumed>) = ? [pid 6002] <... exit_group resumed>) = ? [pid 6004] +++ exited with 0 +++ [pid 6002] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6002, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 150.156697][ T37] audit: type=1800 audit(1753855620.000:52): pid=6004 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=105 res=0 errno=0 unlink("./51/binderfs") = 0 umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6005 attached , child_tidptr=0x55555c67f690) = 6005 [pid 6005] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6005] chdir("./52") = 0 [pid 6005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6005] setpgid(0, 0) = 0 [pid 6005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6005] write(3, "1000", 4) = 4 [pid 6005] close(3) = 0 [pid 6005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6005] write(1, "executing program\n", 18executing program ) = 18 [pid 6005] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6005] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6005] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6005] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6005] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6006 attached [pid 6006] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6005] <... clone3 resumed> => {parent_tid=[6006]}, 88) = 6006 [pid 6005] rt_sigprocmask(SIG_SETMASK, [], [pid 6006] <... rseq resumed>) = 0 [pid 6005] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6006] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6005] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] rt_sigprocmask(SIG_SETMASK, [], [pid 6005] <... futex resumed>) = 0 [pid 6006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6005] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6006] memfd_create("syzkaller", 0) = 3 [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6006] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6006] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6006] close(3) = 0 [pid 6006] close(4) = 0 [pid 6006] mkdir("./file2", 0777) = 0 [pid 6006] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6006] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 150.674894][ T6006] loop0: detected capacity change from 0 to 256 [pid 6006] chdir("./file2") = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6006] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6006] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6005] <... futex resumed>) = 0 [pid 6006] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6005] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... openat resumed>) = 4 [pid 6006] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6006] <... futex resumed>) = 1 [pid 6005] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6005] <... futex resumed>) = 0 [ 150.717460][ T6006] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6005] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6005] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6005] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6005] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6005] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6007 attached [pid 6007] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6007] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6005] <... clone3 resumed> => {parent_tid=[6007]}, 88) = 6007 [pid 6007] <... set_robust_list resumed>) = 0 [pid 6005] rt_sigprocmask(SIG_SETMASK, [], [pid 6007] rt_sigprocmask(SIG_SETMASK, [], [pid 6005] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6007] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6007] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6005] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... ioctl resumed>) = 0 [pid 6006] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6007] <... openat resumed>) = 5 [pid 6007] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6006] <... futex resumed>) = 0 [pid 6005] <... futex resumed>) = 0 [pid 6007] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6006] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6005] <... futex resumed>) = 0 [pid 6006] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6005] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6006] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6006] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] exit_group(0 [pid 6007] <... futex resumed>) = ? [pid 6005] <... exit_group resumed>) = ? [pid 6006] <... futex resumed>) = ? [pid 6007] +++ exited with 0 +++ [pid 6006] +++ exited with 0 +++ [pid 6005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6005, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 150.906844][ T37] audit: type=1800 audit(1753855620.750:53): pid=6007 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=107 res=0 errno=0 unlink("./52/binderfs") = 0 umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6008 attached , child_tidptr=0x55555c67f690) = 6008 [pid 6008] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6008] chdir("./53") = 0 [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6008] setpgid(0, 0) = 0 [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6008] write(3, "1000", 4) = 4 [pid 6008] close(3) = 0 [pid 6008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6008] write(1, "executing program\n", 18executing program ) = 18 [pid 6008] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6008] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6008] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6009 attached [pid 6009] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6008] <... clone3 resumed> => {parent_tid=[6009]}, 88) = 6009 [pid 6009] <... rseq resumed>) = 0 [pid 6008] rt_sigprocmask(SIG_SETMASK, [], [pid 6009] set_robust_list(0x7f8a95e509a0, 24 [pid 6008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6009] <... set_robust_list resumed>) = 0 [pid 6008] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6008] <... futex resumed>) = 0 [pid 6009] memfd_create("syzkaller", 0 [pid 6008] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6009] <... memfd_create resumed>) = 3 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6009] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6009] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6009] close(3) = 0 [pid 6009] close(4) = 0 [pid 6009] mkdir("./file2", 0777) = 0 [pid 6009] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6009] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6009] chdir("./file2") = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6009] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6008] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6009] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6009] <... futex resumed>) = 1 [pid 6008] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6008] <... futex resumed>) = 0 [ 151.475138][ T6009] loop0: detected capacity change from 0 to 256 [ 151.497214][ T6009] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6008] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6008] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6008] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6010 attached [pid 6010] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6010] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6008] <... clone3 resumed> => {parent_tid=[6010]}, 88) = 6010 [pid 6010] <... set_robust_list resumed>) = 0 [pid 6008] rt_sigprocmask(SIG_SETMASK, [], [pid 6010] rt_sigprocmask(SIG_SETMASK, [], [pid 6008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6010] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6008] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6008] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6008] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... openat resumed>) = 5 [pid 6009] <... ioctl resumed>) = 0 [pid 6010] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6010] <... futex resumed>) = 0 [pid 6009] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6010] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] <... futex resumed>) = 0 [pid 6008] <... mmap resumed>) = 0x7f8a95dee000 [pid 6008] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 6009] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] <... mprotect resumed>) = 0 [pid 6008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6011 attached [pid 6011] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6008] <... clone3 resumed> => {parent_tid=[6011]}, 88) = 6011 [pid 6011] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6008] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6008] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] <... set_robust_list resumed>) = 0 [pid 6008] <... futex resumed>) = 0 [pid 6011] rt_sigprocmask(SIG_SETMASK, [], [pid 6008] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6011] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6011] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6011] <... futex resumed>) = 1 [pid 6011] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] exit_group(0 [pid 6011] <... futex resumed>) = ? [pid 6010] <... futex resumed>) = ? [pid 6009] <... futex resumed>) = ? [pid 6008] <... exit_group resumed>) = ? [pid 6011] +++ exited with 0 +++ [pid 6010] +++ exited with 0 +++ [pid 6009] +++ exited with 0 +++ [pid 6008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 151.676321][ T37] audit: type=1800 audit(1753855621.520:54): pid=6010 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=109 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6012 attached , child_tidptr=0x55555c67f690) = 6012 [pid 6012] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6012] chdir("./54") = 0 [pid 6012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6012] setpgid(0, 0) = 0 [pid 6012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6012] write(3, "1000", 4) = 4 [pid 6012] close(3) = 0 [pid 6012] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6012] write(1, "executing program\n", 18) = 18 [pid 6012] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6012] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6012] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6012] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6012] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6013 attached [pid 6013] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6012] <... clone3 resumed> => {parent_tid=[6013]}, 88) = 6013 [pid 6013] <... rseq resumed>) = 0 [pid 6012] rt_sigprocmask(SIG_SETMASK, [], [pid 6013] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6013] rt_sigprocmask(SIG_SETMASK, [], [pid 6012] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6013] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6012] <... futex resumed>) = 0 [pid 6013] memfd_create("syzkaller", 0 [pid 6012] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6013] <... memfd_create resumed>) = 3 [pid 6013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6013] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6013] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6013] close(3) = 0 [pid 6013] close(4) = 0 [pid 6013] mkdir("./file2", 0777) = 0 [pid 6013] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6013] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6013] chdir("./file2") = 0 [pid 6013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6013] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... futex resumed>) = 0 [pid 6013] <... futex resumed>) = 1 [pid 6012] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6013] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6012] <... futex resumed>) = 0 [pid 6012] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6013] <... openat resumed>) = 4 [pid 6013] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6012] <... futex resumed>) = 0 [pid 6012] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6013] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6012] <... futex resumed>) = 0 [ 152.258470][ T6013] loop0: detected capacity change from 0 to 256 [ 152.289806][ T6013] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6012] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6012] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6012] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6012] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6014 attached [pid 6014] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6012] <... clone3 resumed> => {parent_tid=[6014]}, 88) = 6014 [pid 6014] <... rseq resumed>) = 0 [pid 6014] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6012] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6014] <... set_robust_list resumed>) = 0 [pid 6014] rt_sigprocmask(SIG_SETMASK, [], [pid 6012] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6012] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6014] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6013] <... ioctl resumed>) = 0 [pid 6013] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6013] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6014] <... openat resumed>) = 5 [pid 6014] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6012] <... futex resumed>) = 0 [pid 6014] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6012] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6013] <... futex resumed>) = 0 [pid 6012] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6013] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6013] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6012] <... futex resumed>) = 0 [pid 6013] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6012] exit_group(0 [pid 6013] <... futex resumed>) = ? [pid 6013] +++ exited with 0 +++ [pid 6014] <... futex resumed>) = ? [pid 6012] <... exit_group resumed>) = ? [pid 6014] +++ exited with 0 +++ [pid 6012] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6012, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 152.468380][ T37] audit: type=1800 audit(1753855622.310:55): pid=6014 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=111 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6015 attached [pid 6015] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6015] chdir("./55") = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6015 [pid 6015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6015] setpgid(0, 0) = 0 [pid 6015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6015] write(3, "1000", 4) = 4 [pid 6015] close(3) = 0 [pid 6015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6015] write(1, "executing program\n", 18executing program ) = 18 [pid 6015] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6015] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6015] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6016 attached [pid 6016] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6015] <... clone3 resumed> => {parent_tid=[6016]}, 88) = 6016 [pid 6016] set_robust_list(0x7f8a95e509a0, 24 [pid 6015] rt_sigprocmask(SIG_SETMASK, [], [pid 6016] <... set_robust_list resumed>) = 0 [pid 6015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6016] rt_sigprocmask(SIG_SETMASK, [], [pid 6015] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6015] <... futex resumed>) = 0 [pid 6015] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6016] memfd_create("syzkaller", 0) = 3 [pid 6016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6016] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6016] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6016] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6016] close(3) = 0 [pid 6016] close(4) = 0 [pid 6016] mkdir("./file2", 0777) = 0 [pid 6016] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6016] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6016] chdir("./file2") = 0 [pid 6016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6016] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6015] <... futex resumed>) = 0 [pid 6016] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6015] <... futex resumed>) = 0 [pid 6015] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6016] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6016] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6015] <... futex resumed>) = 0 [pid 6015] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6015] <... futex resumed>) = 0 [ 152.962181][ T6016] loop0: detected capacity change from 0 to 256 [ 152.988959][ T6016] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6015] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6015] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6015] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6017 attached => {parent_tid=[6017]}, 88) = 6017 [pid 6017] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6015] rt_sigprocmask(SIG_SETMASK, [], [pid 6017] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6017] <... set_robust_list resumed>) = 0 [pid 6015] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] rt_sigprocmask(SIG_SETMASK, [], [pid 6015] <... futex resumed>) = 0 [pid 6017] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6015] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6017] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6016] <... ioctl resumed>) = 0 [pid 6017] <... openat resumed>) = 5 [pid 6016] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] <... futex resumed>) = 1 [pid 6015] <... futex resumed>) = 0 [pid 6017] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] <... futex resumed>) = 0 [pid 6015] <... futex resumed>) = 1 [pid 6016] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6015] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6016] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6016] <... futex resumed>) = 0 [pid 6016] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] exit_group(0) = ? [pid 6017] <... futex resumed>) = ? [pid 6016] <... futex resumed>) = ? [pid 6017] +++ exited with 0 +++ [pid 6016] +++ exited with 0 +++ [pid 6015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6015, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 153.146831][ T37] audit: type=1800 audit(1753855622.990:56): pid=6017 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=113 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6018 attached , child_tidptr=0x55555c67f690) = 6018 [pid 6018] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6018] chdir("./56") = 0 [pid 6018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6018] setpgid(0, 0) = 0 [pid 6018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6018] write(3, "1000", 4) = 4 [pid 6018] close(3) = 0 [pid 6018] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6018] write(1, "executing program\n", 18) = 18 [pid 6018] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6018] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6018] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6019 attached => {parent_tid=[6019]}, 88) = 6019 [pid 6019] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], [pid 6019] <... rseq resumed>) = 0 [pid 6018] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6018] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] set_robust_list(0x7f8a95e509a0, 24 [pid 6018] <... futex resumed>) = 0 [pid 6019] <... set_robust_list resumed>) = 0 [pid 6018] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6019] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6019] memfd_create("syzkaller", 0) = 3 [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6019] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6019] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6019] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6019] close(3) = 0 [pid 6019] close(4) = 0 [pid 6019] mkdir("./file2", 0777) = 0 [pid 6019] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6019] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6019] chdir("./file2") = 0 [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6019] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = 0 [pid 6019] <... futex resumed>) = 1 [pid 6018] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... openat resumed>) = 4 [pid 6019] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6018] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6018] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [ 153.708324][ T6019] loop0: detected capacity change from 0 to 256 [ 153.735221][ T6019] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6018] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6020 attached [pid 6020] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6020] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6018] <... clone3 resumed> => {parent_tid=[6020]}, 88) = 6020 [pid 6020] <... set_robust_list resumed>) = 0 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], [pid 6020] rt_sigprocmask(SIG_SETMASK, [], [pid 6018] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6020] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6018] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... ioctl resumed>) = 0 [pid 6019] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... openat resumed>) = 5 [pid 6018] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6019] <... futex resumed>) = 0 [pid 6019] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6020] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6020] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = 0 [pid 6018] <... futex resumed>) = 1 [pid 6019] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6018] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6019] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] <... futex resumed>) = 0 [pid 6019] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] exit_group(0 [pid 6020] <... futex resumed>) = ? [pid 6019] <... futex resumed>) = ? [pid 6018] <... exit_group resumed>) = ? [pid 6020] +++ exited with 0 +++ [pid 6019] +++ exited with 0 +++ [pid 6018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6018, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 153.886849][ T37] audit: type=1800 audit(1753855623.730:57): pid=6020 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=115 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6021 attached , child_tidptr=0x55555c67f690) = 6021 [pid 6021] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6021] chdir("./57") = 0 [pid 6021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6021] setpgid(0, 0) = 0 [pid 6021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6021] write(3, "1000", 4) = 4 [pid 6021] close(3) = 0 [pid 6021] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6021] write(1, "executing program\n", 18) = 18 [pid 6021] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6021] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6021] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6022 attached => {parent_tid=[6022]}, 88) = 6022 [pid 6021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6021] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6022] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6022] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6022] memfd_create("syzkaller", 0) = 3 [pid 6022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6022] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6022] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6022] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6022] close(3) = 0 [pid 6022] close(4) = 0 [pid 6022] mkdir("./file2", 0777) = 0 [pid 6022] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6022] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6022] chdir("./file2") = 0 [pid 6022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 154.323949][ T6022] loop0: detected capacity change from 0 to 256 [pid 6022] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6021] <... futex resumed>) = 0 [pid 6021] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 154.357372][ T6022] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6022] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6021] <... futex resumed>) = 0 [pid 6021] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6021] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6021] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6021] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6023 attached [pid 6023] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6023] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6021] <... clone3 resumed> => {parent_tid=[6023]}, 88) = 6023 [pid 6023] <... set_robust_list resumed>) = 0 [pid 6021] rt_sigprocmask(SIG_SETMASK, [], [pid 6023] rt_sigprocmask(SIG_SETMASK, [], [pid 6021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6021] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6021] <... futex resumed>) = 0 [pid 6021] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] <... ioctl resumed>) = 0 [pid 6023] <... openat resumed>) = 5 [pid 6022] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... futex resumed>) = 0 [pid 6022] <... futex resumed>) = 0 [pid 6023] <... futex resumed>) = 1 [pid 6021] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6022] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6021] <... futex resumed>) = 0 [pid 6022] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6022] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6021] exit_group(0) = ? [pid 6023] <... futex resumed>) = ? [pid 6022] <... futex resumed>) = ? [pid 6023] +++ exited with 0 +++ [pid 6022] +++ exited with 0 +++ [pid 6021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6021, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 154.566674][ T37] audit: type=1800 audit(1753855624.410:58): pid=6023 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=117 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6024 attached , child_tidptr=0x55555c67f690) = 6024 [pid 6024] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6024] chdir("./58") = 0 [pid 6024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6024] setpgid(0, 0) = 0 [pid 6024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6024] write(3, "1000", 4) = 4 [pid 6024] close(3) = 0 [pid 6024] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6024] write(1, "executing program\n", 18executing program ) = 18 [pid 6024] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6024] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6024] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6025 attached [pid 6025] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6024] <... clone3 resumed> => {parent_tid=[6025]}, 88) = 6025 [pid 6025] <... rseq resumed>) = 0 [pid 6024] rt_sigprocmask(SIG_SETMASK, [], [pid 6025] set_robust_list(0x7f8a95e509a0, 24 [pid 6024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6025] <... set_robust_list resumed>) = 0 [pid 6024] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] rt_sigprocmask(SIG_SETMASK, [], [pid 6024] <... futex resumed>) = 0 [pid 6025] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6024] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6025] memfd_create("syzkaller", 0) = 3 [pid 6025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6025] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6025] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6025] close(3) = 0 [pid 6025] close(4) = 0 [pid 6025] mkdir("./file2", 0777) = 0 [pid 6025] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6025] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6025] chdir("./file2") = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6025] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] <... futex resumed>) = 0 [pid 6024] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... futex resumed>) = 0 [pid 6024] <... futex resumed>) = 1 [pid 6025] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6024] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] <... openat resumed>) = 4 [pid 6025] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [pid 6025] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6025] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6024] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 155.126312][ T6025] loop0: detected capacity change from 0 to 256 [ 155.154640][ T6025] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6024] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6024] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6024] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6026 attached [pid 6026] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6024] <... clone3 resumed> => {parent_tid=[6026]}, 88) = 6026 [pid 6026] <... rseq resumed>) = 0 [pid 6024] rt_sigprocmask(SIG_SETMASK, [], [pid 6026] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6026] <... set_robust_list resumed>) = 0 [pid 6026] rt_sigprocmask(SIG_SETMASK, [], [pid 6024] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6024] <... futex resumed>) = 0 [pid 6026] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6024] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6024] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] <... openat resumed>) = 5 [pid 6025] <... ioctl resumed>) = 0 [pid 6024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6026] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] <... mmap resumed>) = 0x7f8a95dee000 [pid 6026] <... futex resumed>) = 0 [pid 6025] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 6026] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6025] <... futex resumed>) = 0 [pid 6025] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] <... mprotect resumed>) = 0 [pid 6024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6027 attached [pid 6027] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6027] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6024] <... clone3 resumed> => {parent_tid=[6027]}, 88) = 6027 [pid 6027] <... set_robust_list resumed>) = 0 [pid 6027] rt_sigprocmask(SIG_SETMASK, [], [pid 6024] rt_sigprocmask(SIG_SETMASK, [], [pid 6027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6027] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6027] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6024] <... futex resumed>) = 0 [pid 6027] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6027] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... futex resumed>) = 0 [pid 6024] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6027] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] exit_group(0 [pid 6027] <... futex resumed>) = ? [pid 6026] <... futex resumed>) = ? [pid 6025] <... futex resumed>) = ? [pid 6024] <... exit_group resumed>) = ? [pid 6026] +++ exited with 0 +++ [pid 6025] +++ exited with 0 +++ [pid 6027] +++ exited with 0 +++ [pid 6024] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6024, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 155.326555][ T37] audit: type=1800 audit(1753855625.170:59): pid=6026 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=119 res=0 errno=0 openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6028 attached , child_tidptr=0x55555c67f690) = 6028 [pid 6028] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6028] chdir("./59") = 0 [pid 6028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6028] setpgid(0, 0) = 0 [pid 6028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6028] write(3, "1000", 4) = 4 [pid 6028] close(3) = 0 [pid 6028] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6028] write(1, "executing program\n", 18executing program ) = 18 [pid 6028] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6028] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6028] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6028] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6028] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6029 attached [pid 6029] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6028] <... clone3 resumed> => {parent_tid=[6029]}, 88) = 6029 [pid 6029] <... rseq resumed>) = 0 [pid 6028] rt_sigprocmask(SIG_SETMASK, [], [pid 6029] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6029] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6028] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] <... futex resumed>) = 0 [pid 6029] memfd_create("syzkaller", 0 [pid 6028] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6029] <... memfd_create resumed>) = 3 [pid 6029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6029] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6029] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6029] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6029] close(3) = 0 [pid 6029] close(4) = 0 [pid 6029] mkdir("./file2", 0777) = 0 [pid 6029] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [ 155.954539][ T6029] loop0: detected capacity change from 0 to 256 [pid 6029] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6029] chdir("./file2") = 0 [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6029] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] <... futex resumed>) = 0 [pid 6029] <... futex resumed>) = 1 [pid 6028] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6028] <... futex resumed>) = 0 [ 155.995320][ T6029] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6028] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6029] <... openat resumed>) = 4 [pid 6029] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6028] <... futex resumed>) = 0 [pid 6029] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6028] <... futex resumed>) = 0 [pid 6029] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6028] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6028] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6028] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6028] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6030 attached [pid 6030] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6028] <... clone3 resumed> => {parent_tid=[6030]}, 88) = 6030 [pid 6030] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6028] rt_sigprocmask(SIG_SETMASK, [], [pid 6030] <... set_robust_list resumed>) = 0 [pid 6030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6028] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6028] <... futex resumed>) = 0 [pid 6028] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6028] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6030] <... openat resumed>) = 5 [pid 6029] <... ioctl resumed>) = 0 [pid 6028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6030] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] <... mmap resumed>) = 0x7f8a95dee000 [pid 6030] <... futex resumed>) = 0 [pid 6029] <... futex resumed>) = 0 [pid 6028] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 6029] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] <... mprotect resumed>) = 0 [pid 6028] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6030] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6031 attached [pid 6031] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6028] <... clone3 resumed> => {parent_tid=[6031]}, 88) = 6031 [pid 6031] <... rseq resumed>) = 0 [pid 6028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6031] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6028] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] <... set_robust_list resumed>) = 0 [pid 6028] <... futex resumed>) = 0 [pid 6031] rt_sigprocmask(SIG_SETMASK, [], [pid 6028] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6031] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6031] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6028] <... futex resumed>) = 0 [pid 6031] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] exit_group(0 [pid 6031] <... futex resumed>) = ? [pid 6030] <... futex resumed>) = ? [pid 6029] <... futex resumed>) = ? [pid 6031] +++ exited with 0 +++ [pid 6030] +++ exited with 0 +++ [pid 6029] +++ exited with 0 +++ [pid 6028] <... exit_group resumed>) = ? [pid 6028] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6028, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 156.226421][ T37] audit: type=1800 audit(1753855626.070:60): pid=6030 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=121 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6032 attached , child_tidptr=0x55555c67f690) = 6032 [pid 6032] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6032] chdir("./60") = 0 [pid 6032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6032] setpgid(0, 0) = 0 [pid 6032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6032] write(3, "1000", 4) = 4 [pid 6032] close(3) = 0 [pid 6032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6032] write(1, "executing program\n", 18executing program ) = 18 [pid 6032] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6032] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6032] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6033 attached => {parent_tid=[6033]}, 88) = 6033 [pid 6033] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6032] rt_sigprocmask(SIG_SETMASK, [], [pid 6033] <... rseq resumed>) = 0 [pid 6032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6033] set_robust_list(0x7f8a95e509a0, 24 [pid 6032] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6033] <... set_robust_list resumed>) = 0 [pid 6032] <... futex resumed>) = 0 [pid 6033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6032] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6033] memfd_create("syzkaller", 0) = 3 [pid 6033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6033] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6033] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6033] close(3) = 0 [pid 6033] close(4) = 0 [pid 6033] mkdir("./file2", 0777) = 0 [pid 6033] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6033] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6033] chdir("./file2") = 0 [pid 6033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6033] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6033] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6032] <... futex resumed>) = 0 [pid 6032] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6032] <... futex resumed>) = 0 [pid 6033] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6032] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] <... openat resumed>) = 4 [pid 6033] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6032] <... futex resumed>) = 0 [pid 6033] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6032] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6032] <... futex resumed>) = 0 [pid 6033] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 156.799644][ T6033] loop0: detected capacity change from 0 to 256 [ 156.829029][ T6033] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6032] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6032] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6032] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6034 attached [pid 6034] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6034] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6032] <... clone3 resumed> => {parent_tid=[6034]}, 88) = 6034 [pid 6034] rt_sigprocmask(SIG_SETMASK, [], [pid 6032] rt_sigprocmask(SIG_SETMASK, [], [pid 6034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6034] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6032] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6032] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6034] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6033] <... ioctl resumed>) = 0 [pid 6034] <... openat resumed>) = 5 [pid 6033] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6034] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6033] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] <... futex resumed>) = 1 [pid 6032] <... futex resumed>) = 0 [pid 6034] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6032] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6033] <... futex resumed>) = 0 [pid 6032] <... futex resumed>) = 1 [pid 6032] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6033] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6032] <... futex resumed>) = 0 [pid 6033] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6032] exit_group(0 [pid 6034] <... futex resumed>) = ? [pid 6033] <... futex resumed>) = ? [pid 6032] <... exit_group resumed>) = ? [pid 6033] +++ exited with 0 +++ [pid 6034] +++ exited with 0 +++ [pid 6032] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6032, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 156.979007][ T37] audit: type=1800 audit(1753855626.820:61): pid=6034 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=123 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6035 attached [pid 6035] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6035] chdir("./61") = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6035 [pid 6035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6035] setpgid(0, 0) = 0 [pid 6035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6035] write(3, "1000", 4) = 4 [pid 6035] close(3) = 0 [pid 6035] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6035] write(1, "executing program\n", 18executing program ) = 18 [pid 6035] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6035] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6035] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6035] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6035] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6036 attached [pid 6036] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6035] <... clone3 resumed> => {parent_tid=[6036]}, 88) = 6036 [pid 6036] <... rseq resumed>) = 0 [pid 6035] rt_sigprocmask(SIG_SETMASK, [], [pid 6036] set_robust_list(0x7f8a95e509a0, 24 [pid 6035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6036] <... set_robust_list resumed>) = 0 [pid 6036] rt_sigprocmask(SIG_SETMASK, [], [pid 6035] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6035] <... futex resumed>) = 0 [pid 6036] memfd_create("syzkaller", 0 [pid 6035] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6036] <... memfd_create resumed>) = 3 [pid 6036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6036] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6036] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6036] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6036] close(3) = 0 [pid 6036] close(4) = 0 [pid 6036] mkdir("./file2", 0777) = 0 [pid 6036] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6036] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6036] chdir("./file2") = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6036] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] <... futex resumed>) = 0 [pid 6036] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6035] <... futex resumed>) = 0 [pid 6036] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6035] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] <... openat resumed>) = 4 [pid 6036] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] <... futex resumed>) = 0 [pid 6036] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6035] <... futex resumed>) = 1 [pid 6036] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 157.529911][ T6036] loop0: detected capacity change from 0 to 256 [ 157.557493][ T6036] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6035] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6035] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6035] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6035] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6035] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6037 attached [pid 6037] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6035] <... clone3 resumed> => {parent_tid=[6037]}, 88) = 6037 [pid 6037] <... rseq resumed>) = 0 [pid 6035] rt_sigprocmask(SIG_SETMASK, [], [pid 6037] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6037] <... set_robust_list resumed>) = 0 [pid 6035] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] rt_sigprocmask(SIG_SETMASK, [], [pid 6035] <... futex resumed>) = 0 [pid 6037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6035] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6036] <... ioctl resumed>) = 0 [pid 6037] <... openat resumed>) = 5 [pid 6037] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] <... futex resumed>) = 1 [pid 6036] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] <... futex resumed>) = 0 [pid 6037] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6035] <... futex resumed>) = 1 [pid 6036] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6035] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] <... futex resumed>) = 0 [pid 6035] exit_group(0 [pid 6037] <... futex resumed>) = ? [pid 6035] <... exit_group resumed>) = ? [pid 6037] +++ exited with 0 +++ [pid 6036] +++ exited with 0 +++ [pid 6035] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6035, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 157.706489][ T37] audit: type=1800 audit(1753855627.550:62): pid=6037 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=125 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6038 attached [pid 6038] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6038 [pid 6038] chdir("./62") = 0 [pid 6038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6038] setpgid(0, 0) = 0 [pid 6038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6038] write(3, "1000", 4) = 4 [pid 6038] close(3) = 0 [pid 6038] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6038] write(1, "executing program\n", 18executing program ) = 18 [pid 6038] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6038] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6038] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6038] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6038] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6039 attached => {parent_tid=[6039]}, 88) = 6039 [pid 6039] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6038] rt_sigprocmask(SIG_SETMASK, [], [pid 6039] set_robust_list(0x7f8a95e509a0, 24 [pid 6038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6039] <... set_robust_list resumed>) = 0 [pid 6038] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6038] <... futex resumed>) = 0 [pid 6039] memfd_create("syzkaller", 0 [pid 6038] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6039] <... memfd_create resumed>) = 3 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6039] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6039] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6039] close(3) = 0 [pid 6039] close(4) = 0 [pid 6039] mkdir("./file2", 0777) = 0 [pid 6039] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6039] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6039] chdir("./file2") = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6039] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6039] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6038] <... futex resumed>) = 0 [ 158.259986][ T6039] loop0: detected capacity change from 0 to 256 [pid 6038] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6038] <... futex resumed>) = 1 [pid 6039] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6038] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] <... openat resumed>) = 4 [pid 6039] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6039] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6038] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 158.297927][ T6039] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6038] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6038] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6038] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6038] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6038] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6040 attached [pid 6040] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6038] <... clone3 resumed> => {parent_tid=[6040]}, 88) = 6040 [pid 6040] <... rseq resumed>) = 0 [pid 6038] rt_sigprocmask(SIG_SETMASK, [], [pid 6040] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6040] <... set_robust_list resumed>) = 0 [pid 6038] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] rt_sigprocmask(SIG_SETMASK, [], [pid 6038] <... futex resumed>) = 0 [pid 6040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6038] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200) = 5 [pid 6039] <... ioctl resumed>) = 0 [pid 6040] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... futex resumed>) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6040] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6038] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] <... futex resumed>) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6039] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6038] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 6039] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6039] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6039] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6038] exit_group(0 [pid 6039] <... futex resumed>) = ? [pid 6038] <... exit_group resumed>) = ? [pid 6040] <... futex resumed>) = ? [pid 6039] +++ exited with 0 +++ [pid 6040] +++ exited with 0 +++ [pid 6038] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6038, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 [ 158.486390][ T37] audit: type=1800 audit(1753855628.330:63): pid=6040 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=127 res=0 errno=0 umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6041 attached , child_tidptr=0x55555c67f690) = 6041 [pid 6041] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6041] chdir("./63") = 0 [pid 6041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6041] setpgid(0, 0) = 0 [pid 6041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6041] write(3, "1000", 4) = 4 [pid 6041] close(3) = 0 [pid 6041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6041] write(1, "executing program\n", 18executing program ) = 18 [pid 6041] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6041] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6041] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6042 attached [pid 6042] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6041] <... clone3 resumed> => {parent_tid=[6042]}, 88) = 6042 [pid 6042] <... rseq resumed>) = 0 [pid 6042] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6042] rt_sigprocmask(SIG_SETMASK, [], [pid 6041] rt_sigprocmask(SIG_SETMASK, [], [pid 6042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6042] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6041] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] <... futex resumed>) = 0 [pid 6041] <... futex resumed>) = 1 [pid 6042] memfd_create("syzkaller", 0 [pid 6041] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6042] <... memfd_create resumed>) = 3 [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6042] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6042] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6042] close(3) = 0 [pid 6042] close(4) = 0 [pid 6042] mkdir("./file2", 0777) = 0 [ 158.863085][ T6042] loop0: detected capacity change from 0 to 256 [pid 6042] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6042] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6042] chdir("./file2") = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6042] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6041] <... futex resumed>) = 0 [pid 6042] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6041] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6042] <... openat resumed>) = 4 [pid 6042] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6041] <... futex resumed>) = 0 [pid 6041] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6041] <... futex resumed>) = 0 [ 158.914955][ T6042] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6041] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6041] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6041] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6043 attached [pid 6043] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6043] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6041] <... clone3 resumed> => {parent_tid=[6043]}, 88) = 6043 [pid 6043] <... set_robust_list resumed>) = 0 [pid 6043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6041] rt_sigprocmask(SIG_SETMASK, [], [pid 6043] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6041] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... futex resumed>) = 0 [pid 6041] <... futex resumed>) = 1 [pid 6041] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6041] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6041] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6041] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6044 attached [pid 6044] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6043] <... openat resumed>) = 5 [pid 6042] <... ioctl resumed>) = 0 [pid 6041] <... clone3 resumed> => {parent_tid=[6044]}, 88) = 6044 [pid 6044] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 6043] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] rt_sigprocmask(SIG_SETMASK, [], [pid 6044] rt_sigprocmask(SIG_SETMASK, [], [pid 6043] <... futex resumed>) = 0 [pid 6042] <... futex resumed>) = 0 [pid 6041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6043] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6041] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6041] <... futex resumed>) = 0 [pid 6044] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6044] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... futex resumed>) = 0 [pid 6041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6044] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6041] exit_group(0 [pid 6044] <... futex resumed>) = ? [pid 6043] <... futex resumed>) = ? [pid 6042] <... futex resumed>) = ? [pid 6041] <... exit_group resumed>) = ? [pid 6042] +++ exited with 0 +++ [pid 6043] +++ exited with 0 +++ [pid 6044] +++ exited with 0 +++ [pid 6041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6041, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 159.126300][ T37] audit: type=1800 audit(1753855628.970:64): pid=6043 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=129 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6045 attached , child_tidptr=0x55555c67f690) = 6045 [pid 6045] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6045] chdir("./64") = 0 [pid 6045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6045] setpgid(0, 0) = 0 [pid 6045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6045] write(3, "1000", 4) = 4 [pid 6045] close(3) = 0 [pid 6045] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6045] write(1, "executing program\n", 18) = 18 [pid 6045] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6045] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6045] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6046 attached [pid 6046] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6046] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6046] rt_sigprocmask(SIG_SETMASK, [], [pid 6045] <... clone3 resumed> => {parent_tid=[6046]}, 88) = 6046 [pid 6046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6046] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6045] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6046] <... futex resumed>) = 0 [pid 6045] <... futex resumed>) = 1 [pid 6046] memfd_create("syzkaller", 0 [pid 6045] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6046] <... memfd_create resumed>) = 3 [pid 6046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6046] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6046] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6046] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6046] close(3) = 0 [pid 6046] close(4) = 0 [pid 6046] mkdir("./file2", 0777) = 0 [pid 6046] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6046] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6046] chdir("./file2") = 0 [pid 6046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 159.769619][ T6046] loop0: detected capacity change from 0 to 256 [pid 6046] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6045] <... futex resumed>) = 0 [pid 6046] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6045] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6046] <... futex resumed>) = 0 [pid 6045] <... futex resumed>) = 1 [pid 6046] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6045] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6046] <... openat resumed>) = 4 [pid 6046] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = 0 [pid 6046] <... futex resumed>) = 1 [pid 6045] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6046] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6045] <... futex resumed>) = 0 [ 159.808353][ T6046] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6045] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6045] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6045] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6047 attached [pid 6047] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6045] <... clone3 resumed> => {parent_tid=[6047]}, 88) = 6047 [pid 6047] <... rseq resumed>) = 0 [pid 6047] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6045] rt_sigprocmask(SIG_SETMASK, [], [pid 6047] <... set_robust_list resumed>) = 0 [pid 6047] rt_sigprocmask(SIG_SETMASK, [], [pid 6045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6045] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6045] <... futex resumed>) = 0 [pid 6045] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6045] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6045] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 6046] <... ioctl resumed>) = 0 [pid 6045] <... mprotect resumed>) = 0 [pid 6045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6047] <... openat resumed>) = 5 [pid 6046] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0} [pid 6046] <... futex resumed>) = 0 [pid 6047] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6046] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6048 attached [pid 6047] <... futex resumed>) = 0 [pid 6045] <... clone3 resumed> => {parent_tid=[6048]}, 88) = 6048 [pid 6048] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6047] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6045] rt_sigprocmask(SIG_SETMASK, [], [pid 6048] <... rseq resumed>) = 0 [pid 6045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6045] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 6045] <... futex resumed>) = 0 [pid 6045] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6048] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6048] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6045] <... futex resumed>) = 0 [pid 6045] exit_group(0 [pid 6048] <... futex resumed>) = ? [pid 6047] <... futex resumed>) = ? [pid 6046] <... futex resumed>) = ? [pid 6045] <... exit_group resumed>) = ? [pid 6048] +++ exited with 0 +++ [pid 6047] +++ exited with 0 +++ [pid 6046] +++ exited with 0 +++ [pid 6045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6045, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 160.007521][ T37] audit: type=1800 audit(1753855629.850:65): pid=6047 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=131 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6049 attached [pid 6049] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6049] chdir("./65" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6049 [pid 6049] <... chdir resumed>) = 0 [pid 6049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6049] setpgid(0, 0) = 0 [pid 6049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6049] write(3, "1000", 4) = 4 [pid 6049] close(3) = 0 [pid 6049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6049] write(1, "executing program\n", 18executing program ) = 18 [pid 6049] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6049] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6049] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6049] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6050 attached [pid 6050] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6049] <... clone3 resumed> => {parent_tid=[6050]}, 88) = 6050 [pid 6050] <... rseq resumed>) = 0 [pid 6050] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6049] rt_sigprocmask(SIG_SETMASK, [], [pid 6050] rt_sigprocmask(SIG_SETMASK, [], [pid 6049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6050] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6049] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6049] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6050] memfd_create("syzkaller", 0) = 3 [pid 6050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6050] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6050] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6050] close(3) = 0 [pid 6050] close(4) = 0 [pid 6050] mkdir("./file2", 0777) = 0 [pid 6050] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6050] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6050] chdir("./file2") = 0 [pid 6050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6050] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6049] <... futex resumed>) = 0 [pid 6050] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6049] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6050] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6049] <... futex resumed>) = 0 [pid 6049] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6050] <... openat resumed>) = 4 [pid 6050] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... futex resumed>) = 0 [pid 6050] <... futex resumed>) = 1 [pid 6049] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6050] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6049] <... futex resumed>) = 0 [ 160.506343][ T6050] loop0: detected capacity change from 0 to 256 [ 160.540857][ T6050] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6049] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6049] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6049] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6051 attached [pid 6051] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6051] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6049] <... clone3 resumed> => {parent_tid=[6051]}, 88) = 6051 [pid 6051] <... set_robust_list resumed>) = 0 [pid 6049] rt_sigprocmask(SIG_SETMASK, [], [pid 6051] rt_sigprocmask(SIG_SETMASK, [], [pid 6049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6049] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6049] <... futex resumed>) = 0 [pid 6049] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6050] <... ioctl resumed>) = 0 [pid 6051] <... openat resumed>) = 5 [pid 6050] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6049] <... futex resumed>) = 0 [pid 6051] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6050] <... futex resumed>) = 0 [pid 6049] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6050] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6049] <... futex resumed>) = 0 [pid 6050] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6049] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6050] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6050] <... futex resumed>) = 0 [pid 6050] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6049] exit_group(0 [pid 6051] <... futex resumed>) = ? [pid 6050] <... futex resumed>) = ? [pid 6049] <... exit_group resumed>) = ? [pid 6051] +++ exited with 0 +++ [pid 6050] +++ exited with 0 +++ [pid 6049] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6049, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 160.726605][ T37] audit: type=1800 audit(1753855630.570:66): pid=6051 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=133 res=0 errno=0 newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6052 ./strace-static-x86_64: Process 6052 attached [pid 6052] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6052] chdir("./66") = 0 [pid 6052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6052] setpgid(0, 0) = 0 [pid 6052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6052] write(3, "1000", 4) = 4 [pid 6052] close(3) = 0 [pid 6052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6052] write(1, "executing program\n", 18executing program ) = 18 [pid 6052] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6052] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6052] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6053 attached [pid 6053] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6052] <... clone3 resumed> => {parent_tid=[6053]}, 88) = 6053 [pid 6053] <... rseq resumed>) = 0 [pid 6052] rt_sigprocmask(SIG_SETMASK, [], [pid 6053] set_robust_list(0x7f8a95e509a0, 24 [pid 6052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6053] <... set_robust_list resumed>) = 0 [pid 6052] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] rt_sigprocmask(SIG_SETMASK, [], [pid 6052] <... futex resumed>) = 0 [pid 6053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6053] memfd_create("syzkaller", 0 [pid 6052] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6053] <... memfd_create resumed>) = 3 [pid 6053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6053] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6053] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6053] close(3) = 0 [pid 6053] close(4) = 0 [pid 6053] mkdir("./file2", 0777) = 0 [pid 6053] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6053] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6053] chdir("./file2") = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6053] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6052] <... futex resumed>) = 0 [pid 6052] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6052] <... futex resumed>) = 0 [pid 6052] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6053] <... openat resumed>) = 4 [pid 6053] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6052] <... futex resumed>) = 0 [pid 6053] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6052] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6052] <... futex resumed>) = 0 [pid 6053] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 161.217876][ T6053] loop0: detected capacity change from 0 to 256 [ 161.246442][ T6053] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6052] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6052] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6052] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6052] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6054 attached [pid 6054] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6054] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6052] <... clone3 resumed> => {parent_tid=[6054]}, 88) = 6054 [pid 6054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6052] rt_sigprocmask(SIG_SETMASK, [], [pid 6054] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6052] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] <... futex resumed>) = 0 [pid 6052] <... futex resumed>) = 1 [pid 6054] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6052] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6052] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6052] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6055 attached [pid 6055] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6054] <... openat resumed>) = 5 [pid 6053] <... ioctl resumed>) = 0 [pid 6052] <... clone3 resumed> => {parent_tid=[6055]}, 88) = 6055 [pid 6055] <... rseq resumed>) = 0 [pid 6054] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6055] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6054] <... futex resumed>) = 0 [pid 6055] <... set_robust_list resumed>) = 0 [pid 6054] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6055] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6053] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] rt_sigprocmask(SIG_SETMASK, [], [pid 6053] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6052] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6052] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6055] <... futex resumed>) = 0 [pid 6055] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6055] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = 0 [pid 6055] <... futex resumed>) = 1 [pid 6052] exit_group(0 [pid 6054] <... futex resumed>) = ? [pid 6053] <... futex resumed>) = ? [pid 6052] <... exit_group resumed>) = ? [pid 6055] +++ exited with 0 +++ [pid 6054] +++ exited with 0 +++ [pid 6053] +++ exited with 0 +++ [pid 6052] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6052, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 161.396386][ T37] audit: type=1800 audit(1753855631.240:67): pid=6054 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=135 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6056 attached , child_tidptr=0x55555c67f690) = 6056 [pid 6056] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6056] chdir("./67") = 0 [pid 6056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6056] setpgid(0, 0) = 0 [pid 6056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6056] write(3, "1000", 4) = 4 [pid 6056] close(3) = 0 [pid 6056] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6056] write(1, "executing program\n", 18) = 18 [pid 6056] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6056] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6056] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6057 attached => {parent_tid=[6057]}, 88) = 6057 [pid 6056] rt_sigprocmask(SIG_SETMASK, [], [pid 6057] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6056] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] set_robust_list(0x7f8a95e509a0, 24 [pid 6056] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6057] <... set_robust_list resumed>) = 0 [pid 6057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6057] memfd_create("syzkaller", 0) = 3 [pid 6057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6057] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6057] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6057] close(3) = 0 [pid 6057] close(4) = 0 [pid 6057] mkdir("./file2", 0777) = 0 [pid 6057] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6057] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6057] chdir("./file2") = 0 [pid 6057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6057] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6056] <... futex resumed>) = 0 [pid 6057] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6056] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6056] <... futex resumed>) = 0 [pid 6057] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6056] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6057] <... openat resumed>) = 4 [pid 6057] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6056] <... futex resumed>) = 0 [pid 6057] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6056] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 161.839793][ T6057] loop0: detected capacity change from 0 to 256 [ 161.864635][ T6057] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6057] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6056] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6056] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6056] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6058 attached [pid 6058] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6056] <... clone3 resumed> => {parent_tid=[6058]}, 88) = 6058 [pid 6058] <... rseq resumed>) = 0 [pid 6058] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6056] rt_sigprocmask(SIG_SETMASK, [], [pid 6058] rt_sigprocmask(SIG_SETMASK, [], [pid 6056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6056] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6056] <... futex resumed>) = 0 [pid 6056] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6057] <... ioctl resumed>) = 0 [pid 6058] <... openat resumed>) = 5 [pid 6057] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6058] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6057] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6056] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6058] <... futex resumed>) = 0 [pid 6056] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] <... futex resumed>) = 0 [pid 6056] <... futex resumed>) = 1 [pid 6057] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6056] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6057] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6057] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6056] exit_group(0) = ? [pid 6057] <... futex resumed>) = ? [pid 6058] <... futex resumed>) = ? [pid 6057] +++ exited with 0 +++ [pid 6058] +++ exited with 0 +++ [pid 6056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6056, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 [ 162.046705][ T37] audit: type=1800 audit(1753855631.890:68): pid=6058 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=137 res=0 errno=0 umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6059 attached , child_tidptr=0x55555c67f690) = 6059 [pid 6059] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6059] chdir("./68") = 0 [pid 6059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6059] setpgid(0, 0) = 0 [pid 6059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6059] write(3, "1000", 4) = 4 [pid 6059] close(3) = 0 [pid 6059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6059] write(1, "executing program\n", 18executing program ) = 18 [pid 6059] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6059] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6059] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6060 attached [pid 6060] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6060] set_robust_list(0x7f8a95e509a0, 24 [pid 6059] <... clone3 resumed> => {parent_tid=[6060]}, 88) = 6060 [pid 6060] <... set_robust_list resumed>) = 0 [pid 6059] rt_sigprocmask(SIG_SETMASK, [], [pid 6060] rt_sigprocmask(SIG_SETMASK, [], [pid 6059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6059] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] memfd_create("syzkaller", 0 [pid 6059] <... futex resumed>) = 0 [pid 6060] <... memfd_create resumed>) = 3 [pid 6059] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6060] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6060] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6060] close(3) = 0 [pid 6060] close(4) = 0 [pid 6060] mkdir("./file2", 0777) = 0 [pid 6060] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6060] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6060] chdir("./file2") = 0 [ 162.474875][ T6060] loop0: detected capacity change from 0 to 256 [pid 6060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6060] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6059] <... futex resumed>) = 0 [pid 6060] <... futex resumed>) = 1 [pid 6059] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6059] <... futex resumed>) = 0 [pid 6060] <... openat resumed>) = 4 [pid 6059] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6060] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6059] <... futex resumed>) = 0 [pid 6060] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6059] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6059] <... futex resumed>) = 0 [pid 6060] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 162.513189][ T6060] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6059] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6059] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6059] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6061 attached [pid 6061] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6059] <... clone3 resumed> => {parent_tid=[6061]}, 88) = 6061 [pid 6061] <... rseq resumed>) = 0 [pid 6061] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6059] rt_sigprocmask(SIG_SETMASK, [], [pid 6061] <... set_robust_list resumed>) = 0 [pid 6061] rt_sigprocmask(SIG_SETMASK, [], [pid 6059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6059] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6059] <... futex resumed>) = 0 [pid 6059] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6060] <... ioctl resumed>) = 0 [pid 6061] <... openat resumed>) = 5 [pid 6059] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6061] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6060] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6059] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6059] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 6059] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6060] <... futex resumed>) = 1 [pid 6060] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6060] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6059] <... futex resumed>) = 0 [pid 6060] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6059] exit_group(0 [pid 6060] <... futex resumed>) = ? [pid 6059] <... exit_group resumed>) = ? [pid 6061] <... futex resumed>) = ? [pid 6060] +++ exited with 0 +++ [pid 6061] +++ exited with 0 +++ [pid 6059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6059, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 162.706477][ T37] audit: type=1800 audit(1753855632.550:69): pid=6061 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=139 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6062 attached , child_tidptr=0x55555c67f690) = 6062 [pid 6062] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6062] chdir("./69") = 0 [pid 6062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6062] setpgid(0, 0) = 0 [pid 6062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6062] write(3, "1000", 4) = 4 [pid 6062] close(3) = 0 [pid 6062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6062] write(1, "executing program\n", 18executing program ) = 18 [pid 6062] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6062] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6063 attached [pid 6063] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6062] <... clone3 resumed> => {parent_tid=[6063]}, 88) = 6063 [pid 6063] <... rseq resumed>) = 0 [pid 6062] rt_sigprocmask(SIG_SETMASK, [], [pid 6063] set_robust_list(0x7f8a95e509a0, 24 [pid 6062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6063] <... set_robust_list resumed>) = 0 [pid 6062] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] rt_sigprocmask(SIG_SETMASK, [], [pid 6062] <... futex resumed>) = 0 [pid 6063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6063] memfd_create("syzkaller", 0 [pid 6062] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6063] <... memfd_create resumed>) = 3 [pid 6063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6063] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6063] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6063] close(3) = 0 [pid 6063] close(4) = 0 [pid 6063] mkdir("./file2", 0777) = 0 [pid 6063] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6063] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6063] chdir("./file2") = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6063] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6063] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6063] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6063] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 163.248080][ T6063] loop0: detected capacity change from 0 to 256 [pid 6062] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6063] <... futex resumed>) = 0 [pid 6063] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 163.289533][ T6063] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6062] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6062] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6062] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6064 attached [pid 6064] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6064] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6062] <... clone3 resumed> => {parent_tid=[6064]}, 88) = 6064 [pid 6062] rt_sigprocmask(SIG_SETMASK, [], [pid 6064] <... set_robust_list resumed>) = 0 [pid 6064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6064] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6062] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... ioctl resumed>) = 0 [pid 6062] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6063] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6064] <... openat resumed>) = 5 [pid 6062] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6064] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6064] <... futex resumed>) = 0 [pid 6063] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6062] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=39000000} [pid 6064] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6063] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6062] exit_group(0 [pid 6064] <... futex resumed>) = ? [pid 6062] <... exit_group resumed>) = ? [pid 6064] +++ exited with 0 +++ [pid 6063] +++ exited with 0 +++ [pid 6062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6062, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 163.446706][ T37] audit: type=1800 audit(1753855633.290:70): pid=6064 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=141 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6065 attached , child_tidptr=0x55555c67f690) = 6065 [pid 6065] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6065] chdir("./70") = 0 [pid 6065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6065] setpgid(0, 0) = 0 [pid 6065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6065] write(3, "1000", 4) = 4 [pid 6065] close(3) = 0 [pid 6065] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6065] write(1, "executing program\n", 18) = 18 [pid 6065] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6065] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6065] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6065] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6066 attached [pid 6066] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6065] <... clone3 resumed> => {parent_tid=[6066]}, 88) = 6066 [pid 6066] <... rseq resumed>) = 0 [pid 6065] rt_sigprocmask(SIG_SETMASK, [], [pid 6066] set_robust_list(0x7f8a95e509a0, 24 [pid 6065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6066] <... set_robust_list resumed>) = 0 [pid 6065] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] rt_sigprocmask(SIG_SETMASK, [], [pid 6065] <... futex resumed>) = 0 [pid 6066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6065] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6066] memfd_create("syzkaller", 0) = 3 [pid 6066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6066] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6066] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6066] close(3) = 0 [pid 6066] close(4) = 0 [pid 6066] mkdir("./file2", 0777) = 0 [pid 6066] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6066] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6066] chdir("./file2") = 0 [pid 6066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6066] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] <... futex resumed>) = 0 [ 163.988818][ T6066] loop0: detected capacity change from 0 to 256 [pid 6066] <... futex resumed>) = 1 [pid 6065] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6065] <... futex resumed>) = 0 [pid 6065] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6066] <... openat resumed>) = 4 [pid 6066] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6066] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6065] <... futex resumed>) = 0 [pid 6065] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] <... futex resumed>) = 0 [pid 6065] <... futex resumed>) = 1 [pid 6066] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 164.039826][ T6066] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6065] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6065] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6065] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6067 attached [pid 6067] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6065] <... clone3 resumed> => {parent_tid=[6067]}, 88) = 6067 [pid 6067] <... rseq resumed>) = 0 [pid 6067] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6065] rt_sigprocmask(SIG_SETMASK, [], [pid 6067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6067] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6065] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6067] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6065] <... futex resumed>) = 0 [pid 6065] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6066] <... ioctl resumed>) = 0 [pid 6067] <... openat resumed>) = 5 [pid 6066] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6065] <... futex resumed>) = 0 [pid 6067] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6065] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] <... futex resumed>) = 0 [pid 6065] <... futex resumed>) = 0 [pid 6066] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6065] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6066] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] <... futex resumed>) = 0 [pid 6066] <... futex resumed>) = 1 [pid 6065] exit_group(0 [pid 6067] <... futex resumed>) = ? [pid 6065] <... exit_group resumed>) = ? [pid 6066] +++ exited with 0 +++ [pid 6067] +++ exited with 0 +++ [pid 6065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6065, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 164.207167][ T37] audit: type=1800 audit(1753855634.050:71): pid=6067 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=143 res=0 errno=0 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6068 attached , child_tidptr=0x55555c67f690) = 6068 [pid 6068] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6068] chdir("./71") = 0 [pid 6068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6068] setpgid(0, 0) = 0 [pid 6068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6068] write(3, "1000", 4) = 4 [pid 6068] close(3) = 0 [pid 6068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6068] write(1, "executing program\n", 18executing program ) = 18 [pid 6068] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6068] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6068] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6069 attached [pid 6069] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6068] <... clone3 resumed> => {parent_tid=[6069]}, 88) = 6069 [pid 6069] <... rseq resumed>) = 0 [pid 6069] set_robust_list(0x7f8a95e509a0, 24 [pid 6068] rt_sigprocmask(SIG_SETMASK, [], [pid 6069] <... set_robust_list resumed>) = 0 [pid 6068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6069] rt_sigprocmask(SIG_SETMASK, [], [pid 6068] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6068] <... futex resumed>) = 0 [pid 6069] memfd_create("syzkaller", 0) = 3 [pid 6068] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6069] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6069] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6069] close(3) = 0 [pid 6069] close(4) = 0 [pid 6069] mkdir("./file2", 0777) = 0 [pid 6069] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6069] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6069] chdir("./file2") = 0 [pid 6069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6069] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6068] <... futex resumed>) = 0 [pid 6069] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6068] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] <... openat resumed>) = 4 [pid 6069] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6068] <... futex resumed>) = 0 [pid 6069] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6068] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6069] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 164.694051][ T6069] loop0: detected capacity change from 0 to 256 [ 164.724366][ T6069] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6068] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6068] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6068] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6070 attached [pid 6070] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6068] <... clone3 resumed> => {parent_tid=[6070]}, 88) = 6070 [pid 6070] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6068] rt_sigprocmask(SIG_SETMASK, [], [pid 6070] <... set_robust_list resumed>) = 0 [pid 6068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6070] rt_sigprocmask(SIG_SETMASK, [], [pid 6068] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6068] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6069] <... ioctl resumed>) = 0 [pid 6070] <... openat resumed>) = 5 [pid 6069] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6069] <... futex resumed>) = 0 [pid 6068] <... futex resumed>) = 0 [pid 6070] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6068] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6068] <... futex resumed>) = 0 [pid 6069] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6068] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6069] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6068] <... futex resumed>) = 0 [pid 6069] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6068] exit_group(0 [pid 6070] <... futex resumed>) = ? [pid 6069] <... futex resumed>) = ? [pid 6068] <... exit_group resumed>) = ? [pid 6070] +++ exited with 0 +++ [pid 6069] +++ exited with 0 +++ [pid 6068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6068, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 164.906508][ T37] audit: type=1800 audit(1753855634.750:72): pid=6070 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=145 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6071 attached [pid 6071] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6071] chdir("./72" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6071 [pid 6071] <... chdir resumed>) = 0 [pid 6071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6071] setpgid(0, 0) = 0 [pid 6071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6071] write(3, "1000", 4) = 4 [pid 6071] close(3) = 0 [pid 6071] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6071] write(1, "executing program\n", 18) = 18 [pid 6071] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6071] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6071] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0} => {parent_tid=[6072]}, 88) = 6072 ./strace-static-x86_64: Process 6072 attached [pid 6071] rt_sigprocmask(SIG_SETMASK, [], [pid 6072] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6072] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6072] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6071] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6072] memfd_create("syzkaller", 0) = 3 [pid 6072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6072] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6072] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6072] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6072] close(3) = 0 [pid 6072] close(4) = 0 [pid 6072] mkdir("./file2", 0777) = 0 [pid 6072] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6072] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6072] chdir("./file2") = 0 [pid 6072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6072] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6071] <... futex resumed>) = 0 [pid 6072] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6071] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6071] <... futex resumed>) = 0 [pid 6072] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6071] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6072] <... openat resumed>) = 4 [pid 6072] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... futex resumed>) = 0 [pid 6072] <... futex resumed>) = 1 [pid 6071] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6071] <... futex resumed>) = 0 [ 165.335358][ T6072] loop0: detected capacity change from 0 to 256 [ 165.362599][ T6072] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6071] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6071] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6071] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6073 attached [pid 6073] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6071] <... clone3 resumed> => {parent_tid=[6073]}, 88) = 6073 [pid 6073] <... rseq resumed>) = 0 [pid 6073] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6073] rt_sigprocmask(SIG_SETMASK, [], [pid 6071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6071] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6073] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6071] <... futex resumed>) = 0 [pid 6071] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... openat resumed>) = 5 [pid 6072] <... ioctl resumed>) = 0 [pid 6071] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6072] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6073] <... futex resumed>) = 0 [pid 6072] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6073] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6071] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6072] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6071] <... futex resumed>) = 1 [pid 6072] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6072] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6071] exit_group(0 [pid 6073] <... futex resumed>) = ? [pid 6072] <... futex resumed>) = ? [pid 6071] <... exit_group resumed>) = ? [pid 6073] +++ exited with 0 +++ [pid 6072] +++ exited with 0 +++ [pid 6071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6071, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 165.508893][ T37] audit: type=1800 audit(1753855635.350:73): pid=6073 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=147 res=0 errno=0 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6074 attached , child_tidptr=0x55555c67f690) = 6074 [pid 6074] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6074] chdir("./73") = 0 [pid 6074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6074] setpgid(0, 0) = 0 [pid 6074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6074] write(3, "1000", 4) = 4 [pid 6074] close(3) = 0 [pid 6074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6074] write(1, "executing program\n", 18executing program ) = 18 [pid 6074] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6074] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6074] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6074] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6075 attached [pid 6075] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6074] <... clone3 resumed> => {parent_tid=[6075]}, 88) = 6075 [pid 6075] set_robust_list(0x7f8a95e509a0, 24 [pid 6074] rt_sigprocmask(SIG_SETMASK, [], [pid 6075] <... set_robust_list resumed>) = 0 [pid 6074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6074] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] rt_sigprocmask(SIG_SETMASK, [], [pid 6074] <... futex resumed>) = 0 [pid 6075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6074] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6075] memfd_create("syzkaller", 0) = 3 [pid 6075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6075] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6075] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6075] close(3) = 0 [pid 6075] close(4) = 0 [pid 6075] mkdir("./file2", 0777) = 0 [pid 6075] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6075] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6075] chdir("./file2") = 0 [pid 6075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6075] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6074] <... futex resumed>) = 0 [pid 6074] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6075] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6074] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6075] <... openat resumed>) = 4 [pid 6075] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6074] <... futex resumed>) = 0 [ 166.028303][ T6075] loop0: detected capacity change from 0 to 256 [ 166.065135][ T6075] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6075] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6074] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6074] <... futex resumed>) = 0 [pid 6074] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6074] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6074] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6076 attached [pid 6076] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6074] <... clone3 resumed> => {parent_tid=[6076]}, 88) = 6076 [pid 6076] <... rseq resumed>) = 0 [pid 6074] rt_sigprocmask(SIG_SETMASK, [], [pid 6076] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6076] <... set_robust_list resumed>) = 0 [pid 6074] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6074] <... futex resumed>) = 0 [pid 6076] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6074] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6075] <... ioctl resumed>) = 0 [pid 6076] <... openat resumed>) = 5 [pid 6075] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6076] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6076] <... futex resumed>) = 1 [pid 6076] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6074] <... futex resumed>) = 0 [pid 6074] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] <... futex resumed>) = 0 [pid 6074] <... futex resumed>) = 1 [pid 6075] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6074] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6075] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6075] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6074] <... futex resumed>) = 0 [pid 6075] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6074] exit_group(0 [pid 6076] <... futex resumed>) = ? [pid 6075] <... futex resumed>) = ? [pid 6076] +++ exited with 0 +++ [pid 6074] <... exit_group resumed>) = ? [pid 6075] +++ exited with 0 +++ [pid 6074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6074, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 166.276683][ T37] audit: type=1800 audit(1753855636.120:74): pid=6076 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=149 res=0 errno=0 unlink("./73/binderfs") = 0 umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6077 attached , child_tidptr=0x55555c67f690) = 6077 [pid 6077] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6077] chdir("./74") = 0 [pid 6077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6077] setpgid(0, 0) = 0 [pid 6077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6077] write(3, "1000", 4) = 4 [pid 6077] close(3) = 0 [pid 6077] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6077] write(1, "executing program\n", 18) = 18 [pid 6077] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6077] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6077] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6078 attached [pid 6078] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6077] <... clone3 resumed> => {parent_tid=[6078]}, 88) = 6078 [pid 6078] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6078] rt_sigprocmask(SIG_SETMASK, [], [pid 6077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6078] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6077] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] <... futex resumed>) = 0 [pid 6078] memfd_create("syzkaller", 0 [pid 6077] <... futex resumed>) = 1 [pid 6077] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6078] <... memfd_create resumed>) = 3 [pid 6078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6078] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6078] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6078] close(3) = 0 [pid 6078] close(4) = 0 [pid 6078] mkdir("./file2", 0777) = 0 [pid 6078] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6078] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6078] chdir("./file2") = 0 [pid 6078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6078] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6078] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] <... futex resumed>) = 0 [pid 6077] <... futex resumed>) = 1 [pid 6078] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6077] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] <... openat resumed>) = 4 [pid 6078] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6077] <... futex resumed>) = 0 [pid 6078] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6077] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 166.701069][ T6078] loop0: detected capacity change from 0 to 256 [ 166.733335][ T6078] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6077] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6077] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6077] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6079 attached [pid 6079] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6077] <... clone3 resumed> => {parent_tid=[6079]}, 88) = 6079 [pid 6079] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6077] rt_sigprocmask(SIG_SETMASK, [], [pid 6079] <... set_robust_list resumed>) = 0 [pid 6077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6077] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6077] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6077] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6077] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6080 attached [pid 6080] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6077] <... clone3 resumed> => {parent_tid=[6080]}, 88) = 6080 [pid 6080] <... rseq resumed>) = 0 [pid 6077] rt_sigprocmask(SIG_SETMASK, [], [pid 6080] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 6077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6080] rt_sigprocmask(SIG_SETMASK, [], [pid 6077] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6077] <... futex resumed>) = 0 [pid 6080] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6077] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] <... openat resumed>) = 5 [pid 6078] <... ioctl resumed>) = 0 [pid 6079] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... pwritev2 resumed>) = -1 EBADF (Bad file descriptor) [pid 6079] <... futex resumed>) = 0 [pid 6080] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... futex resumed>) = 1 [pid 6078] <... futex resumed>) = 0 [pid 6077] <... futex resumed>) = 0 [pid 6080] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6077] exit_group(0 [pid 6079] <... futex resumed>) = ? [pid 6078] <... futex resumed>) = ? [pid 6079] +++ exited with 0 +++ [pid 6078] +++ exited with 0 +++ [pid 6077] <... exit_group resumed>) = ? [pid 6080] <... futex resumed>) = ? [pid 6080] +++ exited with 0 +++ [pid 6077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6077, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 166.936580][ T37] audit: type=1800 audit(1753855636.780:75): pid=6079 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=151 res=0 errno=0 newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6081 ./strace-static-x86_64: Process 6081 attached [pid 6081] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6081] chdir("./75") = 0 [pid 6081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6081] setpgid(0, 0) = 0 [pid 6081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6081] write(3, "1000", 4) = 4 [pid 6081] close(3) = 0 [pid 6081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6081] write(1, "executing program\n", 18) = 18 executing program [pid 6081] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6081] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6082 attached [pid 6082] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6081] <... clone3 resumed> => {parent_tid=[6082]}, 88) = 6082 [pid 6082] <... rseq resumed>) = 0 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], [pid 6082] set_robust_list(0x7f8a95e509a0, 24 [pid 6081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6082] <... set_robust_list resumed>) = 0 [pid 6081] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] rt_sigprocmask(SIG_SETMASK, [], [pid 6081] <... futex resumed>) = 0 [pid 6082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6081] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6082] memfd_create("syzkaller", 0) = 3 [pid 6082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6082] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6082] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6082] close(3) = 0 [pid 6082] close(4) = 0 [pid 6082] mkdir("./file2", 0777) = 0 [pid 6082] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6082] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6082] chdir("./file2") = 0 [pid 6082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6082] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6082] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6081] <... futex resumed>) = 1 [pid 6082] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6081] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... openat resumed>) = 4 [pid 6082] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6082] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6081] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 167.440662][ T6082] loop0: detected capacity change from 0 to 256 [ 167.471035][ T6082] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6081] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6081] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6081] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6083 attached [pid 6083] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6081] <... clone3 resumed> => {parent_tid=[6083]}, 88) = 6083 [pid 6083] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], [pid 6083] <... set_robust_list resumed>) = 0 [pid 6081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6083] rt_sigprocmask(SIG_SETMASK, [], [pid 6081] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6083] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... ioctl resumed>) = 0 [pid 6083] <... openat resumed>) = 5 [pid 6082] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6083] <... futex resumed>) = 1 [pid 6082] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] <... futex resumed>) = 0 [pid 6083] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6081] <... futex resumed>) = 1 [pid 6081] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6082] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6082] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] exit_group(0 [pid 6082] <... futex resumed>) = ? [pid 6081] <... exit_group resumed>) = ? [pid 6083] <... futex resumed>) = ? [pid 6082] +++ exited with 0 +++ [pid 6083] +++ exited with 0 +++ [pid 6081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6081, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 167.677020][ T37] audit: type=1800 audit(1753855637.520:76): pid=6083 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=153 res=0 errno=0 openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6084 attached , child_tidptr=0x55555c67f690) = 6084 [pid 6084] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6084] chdir("./76") = 0 [pid 6084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6084] setpgid(0, 0) = 0 [pid 6084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6084] write(3, "1000", 4) = 4 [pid 6084] close(3) = 0 [pid 6084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6084] write(1, "executing program\n", 18executing program ) = 18 [pid 6084] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6084] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6085 attached [pid 6085] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6084] <... clone3 resumed> => {parent_tid=[6085]}, 88) = 6085 [pid 6085] set_robust_list(0x7f8a95e509a0, 24 [pid 6084] rt_sigprocmask(SIG_SETMASK, [], [pid 6085] <... set_robust_list resumed>) = 0 [pid 6084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6084] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] memfd_create("syzkaller", 0 [pid 6084] <... futex resumed>) = 0 [pid 6085] <... memfd_create resumed>) = 3 [pid 6084] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6085] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6085] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6085] close(3) = 0 [pid 6085] close(4) = 0 [pid 6085] mkdir("./file2", 0777) = 0 [pid 6085] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6085] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6085] chdir("./file2") = 0 [pid 6085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6085] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] <... futex resumed>) = 0 [pid 6084] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6084] <... futex resumed>) = 0 [pid 6085] <... openat resumed>) = 4 [pid 6084] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = 0 [pid 6085] <... futex resumed>) = 1 [pid 6084] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6084] <... futex resumed>) = 0 [ 168.276998][ T6085] loop0: detected capacity change from 0 to 256 [ 168.307044][ T6085] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6084] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6084] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6084] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6084] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6086 attached [pid 6086] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6084] <... clone3 resumed> => {parent_tid=[6086]}, 88) = 6086 [pid 6086] <... rseq resumed>) = 0 [pid 6086] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6084] rt_sigprocmask(SIG_SETMASK, [], [pid 6086] <... set_robust_list resumed>) = 0 [pid 6086] rt_sigprocmask(SIG_SETMASK, [], [pid 6084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6084] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6086] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6084] <... futex resumed>) = 0 [pid 6084] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] <... ioctl resumed>) = 0 [pid 6085] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6085] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6086] <... openat resumed>) = 5 [pid 6084] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] <... futex resumed>) = 0 [pid 6084] <... futex resumed>) = 1 [pid 6085] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6084] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] <... pwritev2 resumed>) = -1 EBADF (Bad file descriptor) [pid 6085] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] <... futex resumed>) = 0 [pid 6085] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6086] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] exit_group(0 [pid 6086] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6085] <... futex resumed>) = ? [pid 6086] +++ exited with 0 +++ [pid 6085] +++ exited with 0 +++ [pid 6084] <... exit_group resumed>) = ? [pid 6084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6084, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 168.478423][ T37] audit: type=1800 audit(1753855638.320:77): pid=6086 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=155 res=0 errno=0 openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6087 attached [pid 6087] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6087] chdir("./77" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6087 [pid 6087] <... chdir resumed>) = 0 [pid 6087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6087] setpgid(0, 0) = 0 [pid 6087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6087] write(3, "1000", 4) = 4 [pid 6087] close(3) = 0 [pid 6087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6087] write(1, "executing program\n", 18executing program ) = 18 [pid 6087] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6087] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6087] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6088 attached [pid 6088] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6087] <... clone3 resumed> => {parent_tid=[6088]}, 88) = 6088 [pid 6088] <... rseq resumed>) = 0 [pid 6087] rt_sigprocmask(SIG_SETMASK, [], [pid 6088] set_robust_list(0x7f8a95e509a0, 24 [pid 6087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6088] <... set_robust_list resumed>) = 0 [pid 6087] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] rt_sigprocmask(SIG_SETMASK, [], [pid 6087] <... futex resumed>) = 0 [pid 6088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6087] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6088] memfd_create("syzkaller", 0) = 3 [pid 6088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6088] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6088] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6088] close(3) = 0 [pid 6088] close(4) = 0 [pid 6088] mkdir("./file2", 0777) = 0 [pid 6088] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6088] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6088] chdir("./file2") = 0 [pid 6088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6088] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6087] <... futex resumed>) = 0 [pid 6088] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6087] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] <... openat resumed>) = 4 [pid 6087] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6088] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6088] <... futex resumed>) = 0 [pid 6087] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6087] <... futex resumed>) = 0 [ 169.056400][ T6088] loop0: detected capacity change from 0 to 256 [ 169.087273][ T6088] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6087] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6087] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6087] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6089 attached [pid 6089] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6089] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6087] <... clone3 resumed> => {parent_tid=[6089]}, 88) = 6089 [pid 6089] <... set_robust_list resumed>) = 0 [pid 6087] rt_sigprocmask(SIG_SETMASK, [], [pid 6089] rt_sigprocmask(SIG_SETMASK, [], [pid 6087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6087] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6087] <... futex resumed>) = 0 [pid 6087] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6087] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6087] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] <... openat resumed>) = 5 [pid 6088] <... ioctl resumed>) = 0 [pid 6087] <... futex resumed>) = 0 [pid 6089] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6089] <... futex resumed>) = 0 [pid 6088] <... futex resumed>) = 0 [pid 6087] <... mmap resumed>) = 0x7f8a95dee000 [pid 6089] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6088] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6087] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6090 attached [pid 6090] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6087] <... clone3 resumed> => {parent_tid=[6090]}, 88) = 6090 [pid 6090] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 6090] rt_sigprocmask(SIG_SETMASK, [], [pid 6087] rt_sigprocmask(SIG_SETMASK, [], [pid 6090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6090] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6087] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] <... futex resumed>) = 0 [pid 6087] <... futex resumed>) = 1 [pid 6090] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6087] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6090] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6090] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6090] <... futex resumed>) = 0 [pid 6087] exit_group(0 [pid 6090] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6088] <... futex resumed>) = ? [pid 6090] <... futex resumed>) = ? [pid 6089] <... futex resumed>) = ? [pid 6088] +++ exited with 0 +++ [pid 6087] <... exit_group resumed>) = ? [pid 6090] +++ exited with 0 +++ [pid 6089] +++ exited with 0 +++ [pid 6087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6087, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 169.266523][ T37] audit: type=1800 audit(1753855639.110:78): pid=6089 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=157 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6091 ./strace-static-x86_64: Process 6091 attached [pid 6091] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6091] chdir("./78") = 0 [pid 6091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6091] setpgid(0, 0) = 0 [pid 6091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6091] write(3, "1000", 4) = 4 [pid 6091] close(3) = 0 [pid 6091] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6091] write(1, "executing program\n", 18) = 18 [pid 6091] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6091] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6092 attached [pid 6092] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6091] <... clone3 resumed> => {parent_tid=[6092]}, 88) = 6092 [pid 6092] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6091] rt_sigprocmask(SIG_SETMASK, [], [pid 6092] rt_sigprocmask(SIG_SETMASK, [], [pid 6091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6091] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] memfd_create("syzkaller", 0 [pid 6091] <... futex resumed>) = 0 [pid 6092] <... memfd_create resumed>) = 3 [pid 6091] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6092] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6092] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6092] close(3) = 0 [pid 6092] close(4) = 0 [pid 6092] mkdir("./file2", 0777) = 0 [pid 6092] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6092] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6092] chdir("./file2") = 0 [pid 6092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6092] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6091] <... futex resumed>) = 0 [pid 6092] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6091] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] <... openat resumed>) = 4 [pid 6092] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] <... futex resumed>) = 0 [pid 6092] <... futex resumed>) = 1 [pid 6091] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6091] <... futex resumed>) = 0 [ 169.787672][ T6092] loop0: detected capacity change from 0 to 256 [ 169.820995][ T6092] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6091] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6091] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6091] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6093 attached => {parent_tid=[6093]}, 88) = 6093 [pid 6093] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6091] rt_sigprocmask(SIG_SETMASK, [], [pid 6093] <... rseq resumed>) = 0 [pid 6091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6093] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6091] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... set_robust_list resumed>) = 0 [pid 6091] <... futex resumed>) = 0 [pid 6093] rt_sigprocmask(SIG_SETMASK, [], [pid 6091] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6093] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6091] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6091] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6094 attached [pid 6094] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6091] <... clone3 resumed> => {parent_tid=[6094]}, 88) = 6094 [pid 6094] <... rseq resumed>) = 0 [pid 6091] rt_sigprocmask(SIG_SETMASK, [], [pid 6094] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6091] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6094] <... set_robust_list resumed>) = 0 [pid 6092] <... ioctl resumed>) = 0 [pid 6091] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6093] <... openat resumed>) = 5 [pid 6094] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6093] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... pwritev2 resumed>) = -1 EBADF (Bad file descriptor) [pid 6092] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6092] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 1 [pid 6093] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6092] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6091] <... futex resumed>) = 0 [pid 6094] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6091] exit_group(0 [pid 6093] <... futex resumed>) = ? [pid 6092] <... futex resumed>) = ? [pid 6093] +++ exited with 0 +++ [pid 6092] +++ exited with 0 +++ [pid 6091] <... exit_group resumed>) = ? [pid 6094] <... futex resumed>) = ? [pid 6094] +++ exited with 0 +++ [pid 6091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6091, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 170.039595][ T37] audit: type=1800 audit(1753855639.880:79): pid=6093 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=159 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6095 attached , child_tidptr=0x55555c67f690) = 6095 [pid 6095] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6095] chdir("./79") = 0 [pid 6095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6095] setpgid(0, 0) = 0 [pid 6095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6095] write(3, "1000", 4) = 4 [pid 6095] close(3) = 0 [pid 6095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6095] write(1, "executing program\n", 18executing program ) = 18 [pid 6095] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6095] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6095] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6095] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6096 attached [pid 6096] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6096] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6095] <... clone3 resumed> => {parent_tid=[6096]}, 88) = 6096 [pid 6096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6095] rt_sigprocmask(SIG_SETMASK, [], [pid 6096] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6095] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6096] <... futex resumed>) = 0 [pid 6095] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6096] memfd_create("syzkaller", 0) = 3 [pid 6096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6096] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6096] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6096] close(3) = 0 [pid 6096] close(4) = 0 [pid 6096] mkdir("./file2", 0777) = 0 [pid 6096] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6096] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6096] chdir("./file2") = 0 [pid 6096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6096] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6095] <... futex resumed>) = 0 [pid 6096] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6095] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6096] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6095] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] <... openat resumed>) = 4 [pid 6096] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6095] <... futex resumed>) = 0 [ 170.442840][ T6096] loop0: detected capacity change from 0 to 256 [pid 6096] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6095] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6095] <... futex resumed>) = 0 [pid 6095] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 170.486982][ T6096] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6095] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6095] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6097 attached [pid 6097] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6095] <... clone3 resumed> => {parent_tid=[6097]}, 88) = 6097 [pid 6097] <... rseq resumed>) = 0 [pid 6095] rt_sigprocmask(SIG_SETMASK, [], [pid 6097] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6097] rt_sigprocmask(SIG_SETMASK, [], [pid 6095] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6095] <... futex resumed>) = 0 [pid 6097] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6095] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6097] <... openat resumed>) = 5 [pid 6096] <... ioctl resumed>) = 0 [pid 6097] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] <... futex resumed>) = 1 [pid 6095] <... futex resumed>) = 0 [pid 6097] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6095] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6095] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] <... futex resumed>) = 0 [pid 6096] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6096] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6096] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6095] <... futex resumed>) = 0 [pid 6095] exit_group(0 [pid 6096] <... futex resumed>) = ? [pid 6097] <... futex resumed>) = ? [pid 6096] +++ exited with 0 +++ [pid 6095] <... exit_group resumed>) = ? [pid 6097] +++ exited with 0 +++ [pid 6095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6095, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 170.636378][ T37] audit: type=1800 audit(1753855640.480:80): pid=6097 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=161 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6098 attached , child_tidptr=0x55555c67f690) = 6098 [pid 6098] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6098] chdir("./80") = 0 [pid 6098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6098] setpgid(0, 0) = 0 [pid 6098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6098] write(3, "1000", 4) = 4 [pid 6098] close(3) = 0 [pid 6098] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6098] write(1, "executing program\n", 18) = 18 [pid 6098] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6098] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6098] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6098] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6099 attached [pid 6099] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6098] <... clone3 resumed> => {parent_tid=[6099]}, 88) = 6099 [pid 6099] set_robust_list(0x7f8a95e509a0, 24 [pid 6098] rt_sigprocmask(SIG_SETMASK, [], [pid 6099] <... set_robust_list resumed>) = 0 [pid 6098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6098] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] memfd_create("syzkaller", 0 [pid 6098] <... futex resumed>) = 0 [pid 6098] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6099] <... memfd_create resumed>) = 3 [pid 6099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6099] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6099] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6099] close(3) = 0 [pid 6099] close(4) = 0 [pid 6099] mkdir("./file2", 0777) = 0 [pid 6099] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6099] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6099] chdir("./file2") = 0 [pid 6099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6099] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6098] <... futex resumed>) = 0 [pid 6099] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6098] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6098] <... futex resumed>) = 0 [pid 6099] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6098] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6099] <... openat resumed>) = 4 [pid 6099] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6098] <... futex resumed>) = 0 [pid 6098] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6098] <... futex resumed>) = 0 [ 171.179710][ T6099] loop0: detected capacity change from 0 to 256 [ 171.209793][ T6099] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6098] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6098] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6098] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6100 attached => {parent_tid=[6100]}, 88) = 6100 [pid 6100] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6098] rt_sigprocmask(SIG_SETMASK, [], [pid 6100] <... rseq resumed>) = 0 [pid 6100] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6100] <... set_robust_list resumed>) = 0 [pid 6098] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] rt_sigprocmask(SIG_SETMASK, [], [pid 6098] <... futex resumed>) = 0 [pid 6100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6098] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6100] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6099] <... ioctl resumed>) = 0 [pid 6100] <... openat resumed>) = 5 [pid 6099] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6099] <... futex resumed>) = 0 [pid 6098] <... futex resumed>) = 0 [pid 6100] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6098] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6098] <... futex resumed>) = 0 [pid 6099] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6098] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6099] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6099] <... futex resumed>) = 0 [pid 6099] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6098] exit_group(0 [pid 6100] <... futex resumed>) = ? [pid 6098] <... exit_group resumed>) = ? [pid 6100] +++ exited with 0 +++ [pid 6099] <... futex resumed>) = ? [pid 6099] +++ exited with 0 +++ [pid 6098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6098, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 171.386676][ T37] audit: type=1800 audit(1753855641.230:81): pid=6100 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=163 res=0 errno=0 umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6101 attached [pid 6101] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6101] chdir("./81" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6101 [pid 6101] <... chdir resumed>) = 0 [pid 6101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6101] setpgid(0, 0) = 0 [pid 6101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6101] write(3, "1000", 4) = 4 [pid 6101] close(3) = 0 [pid 6101] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6101] write(1, "executing program\n", 18) = 18 [pid 6101] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6101] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6101] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6101] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6102 attached [pid 6102] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6102] set_robust_list(0x7f8a95e509a0, 24 [pid 6101] <... clone3 resumed> => {parent_tid=[6102]}, 88) = 6102 [pid 6102] <... set_robust_list resumed>) = 0 [pid 6101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6101] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], [pid 6101] <... futex resumed>) = 0 [pid 6102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6101] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6102] memfd_create("syzkaller", 0) = 3 [pid 6102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6102] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6102] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6102] close(3) = 0 [pid 6102] close(4) = 0 [pid 6102] mkdir("./file2", 0777) = 0 [pid 6102] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6102] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6102] chdir("./file2") = 0 [pid 6102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6102] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6101] <... futex resumed>) = 0 [pid 6102] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6101] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6101] <... futex resumed>) = 0 [pid 6102] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6101] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6102] <... openat resumed>) = 4 [pid 6102] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = 0 [pid 6101] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... futex resumed>) = 1 [pid 6101] <... futex resumed>) = 0 [pid 6102] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 171.924143][ T6102] loop0: detected capacity change from 0 to 256 [ 171.955008][ T6102] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6101] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6101] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6101] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6103 attached [pid 6103] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6101] <... clone3 resumed> => {parent_tid=[6103]}, 88) = 6103 [pid 6103] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6101] rt_sigprocmask(SIG_SETMASK, [], [pid 6103] <... set_robust_list resumed>) = 0 [pid 6101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6101] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6101] <... futex resumed>) = 0 [pid 6101] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] <... openat resumed>) = 5 [pid 6102] <... ioctl resumed>) = 0 [pid 6103] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6101] <... futex resumed>) = 0 [pid 6103] <... futex resumed>) = 1 [pid 6101] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] <... futex resumed>) = 0 [pid 6101] <... futex resumed>) = 1 [pid 6102] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6101] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6102] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6102] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6101] <... futex resumed>) = 0 [pid 6102] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6101] exit_group(0 [pid 6103] <... futex resumed>) = ? [pid 6103] +++ exited with 0 +++ [pid 6102] <... futex resumed>) = ? [pid 6101] <... exit_group resumed>) = ? [pid 6102] +++ exited with 0 +++ [pid 6101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6101, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 172.146339][ T37] audit: type=1800 audit(1753855641.990:82): pid=6103 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=165 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6104 attached [pid 6104] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6104] chdir("./82" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6104 [pid 6104] <... chdir resumed>) = 0 [pid 6104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6104] setpgid(0, 0) = 0 [pid 6104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6104] write(3, "1000", 4) = 4 [pid 6104] close(3) = 0 [pid 6104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6104] write(1, "executing program\n", 18executing program ) = 18 [pid 6104] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6104] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6104] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6104] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6105 attached [pid 6105] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6105] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6104] <... clone3 resumed> => {parent_tid=[6105]}, 88) = 6105 [pid 6105] rt_sigprocmask(SIG_SETMASK, [], [pid 6104] rt_sigprocmask(SIG_SETMASK, [], [pid 6105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6105] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6104] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6104] <... futex resumed>) = 0 [pid 6105] memfd_create("syzkaller", 0) = 3 [pid 6104] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6105] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6105] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6105] close(3) = 0 [pid 6105] close(4) = 0 [pid 6105] mkdir("./file2", 0777) = 0 [pid 6105] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6105] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 172.626194][ T6105] loop0: detected capacity change from 0 to 256 [pid 6105] chdir("./file2") = 0 [pid 6105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6105] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] <... futex resumed>) = 0 [pid 6105] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6104] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] <... openat resumed>) = 4 [pid 6105] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] <... futex resumed>) = 0 [pid 6105] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6104] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6104] <... futex resumed>) = 0 [pid 6105] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 172.670450][ T6105] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6104] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6104] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6104] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6104] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6104] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6106 attached [pid 6106] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6104] <... clone3 resumed> => {parent_tid=[6106]}, 88) = 6106 [pid 6106] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6104] rt_sigprocmask(SIG_SETMASK, [], [pid 6106] <... set_robust_list resumed>) = 0 [pid 6104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6106] rt_sigprocmask(SIG_SETMASK, [], [pid 6104] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6104] <... futex resumed>) = 0 [pid 6106] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6104] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6104] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6104] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6106] <... openat resumed>) = 5 [pid 6105] <... ioctl resumed>) = 0 [pid 6105] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6106] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6106] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6105] <... futex resumed>) = 0 [pid 6104] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6105] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6107 attached [pid 6107] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6104] <... clone3 resumed> => {parent_tid=[6107]}, 88) = 6107 [pid 6107] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6104] rt_sigprocmask(SIG_SETMASK, [], [pid 6107] <... set_robust_list resumed>) = 0 [pid 6104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6107] rt_sigprocmask(SIG_SETMASK, [], [pid 6104] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6104] <... futex resumed>) = 0 [pid 6104] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6107] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6107] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6107] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6104] <... futex resumed>) = 0 [pid 6104] exit_group(0 [pid 6107] <... futex resumed>) = ? [pid 6106] <... futex resumed>) = ? [pid 6105] <... futex resumed>) = ? [pid 6104] <... exit_group resumed>) = ? [pid 6107] +++ exited with 0 +++ [pid 6106] +++ exited with 0 +++ [pid 6105] +++ exited with 0 +++ [pid 6104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6104, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 172.887105][ T37] audit: type=1800 audit(1753855642.730:83): pid=6106 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=167 res=0 errno=0 unlink("./82/binderfs") = 0 umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6108 attached , child_tidptr=0x55555c67f690) = 6108 [pid 6108] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6108] chdir("./83") = 0 [pid 6108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6108] setpgid(0, 0) = 0 [pid 6108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6108] write(3, "1000", 4) = 4 [pid 6108] close(3) = 0 [pid 6108] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6108] write(1, "executing program\n", 18) = 18 [pid 6108] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6108] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6108] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6109 attached [pid 6109] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6108] <... clone3 resumed> => {parent_tid=[6109]}, 88) = 6109 [pid 6109] set_robust_list(0x7f8a95e509a0, 24 [pid 6108] rt_sigprocmask(SIG_SETMASK, [], [pid 6109] <... set_robust_list resumed>) = 0 [pid 6108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6109] rt_sigprocmask(SIG_SETMASK, [], [pid 6108] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6108] <... futex resumed>) = 0 [pid 6109] memfd_create("syzkaller", 0 [pid 6108] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6109] <... memfd_create resumed>) = 3 [pid 6109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6109] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6109] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6109] close(3) = 0 [pid 6109] close(4) = 0 [pid 6109] mkdir("./file2", 0777) = 0 [pid 6109] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6109] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6109] chdir("./file2") = 0 [pid 6109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6109] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6109] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6108] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6109] <... openat resumed>) = 4 [pid 6108] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 173.371417][ T6109] loop0: detected capacity change from 0 to 256 [pid 6109] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6109] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6108] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 173.406037][ T6109] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6108] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6108] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6108] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6108] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6110 attached => {parent_tid=[6110]}, 88) = 6110 [pid 6110] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6108] rt_sigprocmask(SIG_SETMASK, [], [pid 6110] <... rseq resumed>) = 0 [pid 6108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6110] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6108] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] <... set_robust_list resumed>) = 0 [pid 6108] <... futex resumed>) = 0 [pid 6110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6108] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6110] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6109] <... ioctl resumed>) = 0 [pid 6109] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] <... openat resumed>) = 5 [pid 6109] <... futex resumed>) = 0 [pid 6109] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6108] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... futex resumed>) = 0 [pid 6108] <... futex resumed>) = 1 [pid 6109] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6108] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] <... pwritev2 resumed>) = -1 EBADF (Bad file descriptor) [pid 6109] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6109] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6110] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6110] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] exit_group(0 [pid 6109] <... futex resumed>) = ? [pid 6110] <... futex resumed>) = ? [pid 6109] +++ exited with 0 +++ [pid 6110] +++ exited with 0 +++ [pid 6108] <... exit_group resumed>) = ? [pid 6108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6108, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 [ 173.566730][ T37] audit: type=1800 audit(1753855643.410:84): pid=6110 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=169 res=0 errno=0 umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6111 ./strace-static-x86_64: Process 6111 attached [pid 6111] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6111] chdir("./84") = 0 [pid 6111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6111] setpgid(0, 0) = 0 [pid 6111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6111] write(3, "1000", 4) = 4 [pid 6111] close(3) = 0 [pid 6111] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6111] write(1, "executing program\n", 18) = 18 [pid 6111] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6111] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6111] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6112 attached [pid 6112] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6111] <... clone3 resumed> => {parent_tid=[6112]}, 88) = 6112 [pid 6112] <... rseq resumed>) = 0 [pid 6111] rt_sigprocmask(SIG_SETMASK, [], [pid 6112] set_robust_list(0x7f8a95e509a0, 24 [pid 6111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6112] <... set_robust_list resumed>) = 0 [pid 6112] rt_sigprocmask(SIG_SETMASK, [], [pid 6111] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6111] <... futex resumed>) = 0 [pid 6112] memfd_create("syzkaller", 0 [pid 6111] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6112] <... memfd_create resumed>) = 3 [pid 6112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6112] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6112] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6112] close(3) = 0 [pid 6112] close(4) = 0 [pid 6112] mkdir("./file2", 0777) = 0 [pid 6112] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6112] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6112] chdir("./file2") = 0 [pid 6112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6112] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6112] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6111] <... futex resumed>) = 0 [pid 6111] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] <... futex resumed>) = 0 [pid 6111] <... futex resumed>) = 1 [pid 6111] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6112] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] <... futex resumed>) = 0 [pid 6112] <... futex resumed>) = 1 [pid 6111] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6111] <... futex resumed>) = 0 [ 174.081521][ T6112] loop0: detected capacity change from 0 to 256 [ 174.106256][ T6112] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6111] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6111] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6111] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6113 attached [pid 6113] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6111] <... clone3 resumed> => {parent_tid=[6113]}, 88) = 6113 [pid 6113] <... rseq resumed>) = 0 [pid 6111] rt_sigprocmask(SIG_SETMASK, [], [pid 6113] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6113] <... set_robust_list resumed>) = 0 [pid 6111] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6111] <... futex resumed>) = 0 [pid 6113] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6111] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] <... ioctl resumed>) = 0 [pid 6112] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... openat resumed>) = 5 [pid 6111] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6112] <... futex resumed>) = 0 [pid 6113] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6112] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6112] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] <... futex resumed>) = 0 [pid 6113] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6112] <... futex resumed>) = 0 [pid 6111] <... futex resumed>) = 1 [pid 6112] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6111] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6111] exit_group(0 [pid 6113] <... futex resumed>) = ? [pid 6112] <... futex resumed>) = ? [pid 6111] <... exit_group resumed>) = ? [pid 6113] +++ exited with 0 +++ [pid 6112] +++ exited with 0 +++ [pid 6111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6111, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 174.286671][ T37] audit: type=1800 audit(1753855644.130:85): pid=6113 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=171 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6114 attached [pid 6114] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6114 [pid 6114] <... set_robust_list resumed>) = 0 [pid 6114] chdir("./85") = 0 [pid 6114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6114] setpgid(0, 0) = 0 [pid 6114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6114] write(3, "1000", 4) = 4 [pid 6114] close(3) = 0 [pid 6114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6114] write(1, "executing program\n", 18executing program ) = 18 [pid 6114] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6114] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6114] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6115 attached [pid 6115] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6114] <... clone3 resumed> => {parent_tid=[6115]}, 88) = 6115 [pid 6115] <... rseq resumed>) = 0 [pid 6114] rt_sigprocmask(SIG_SETMASK, [], [pid 6115] set_robust_list(0x7f8a95e509a0, 24 [pid 6114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6115] <... set_robust_list resumed>) = 0 [pid 6114] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] rt_sigprocmask(SIG_SETMASK, [], [pid 6114] <... futex resumed>) = 0 [pid 6115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6114] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6115] memfd_create("syzkaller", 0) = 3 [pid 6115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6115] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6115] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6115] close(3) = 0 [pid 6115] close(4) = 0 [pid 6115] mkdir("./file2", 0777) = 0 [pid 6115] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6115] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6115] chdir("./file2") = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6115] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6115] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6114] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... openat resumed>) = 4 [pid 6115] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6115] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6114] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 174.847210][ T6115] loop0: detected capacity change from 0 to 256 [ 174.880445][ T6115] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6114] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6114] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6114] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6116 attached [pid 6116] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6114] <... clone3 resumed> => {parent_tid=[6116]}, 88) = 6116 [pid 6116] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6114] rt_sigprocmask(SIG_SETMASK, [], [pid 6116] rt_sigprocmask(SIG_SETMASK, [], [pid 6114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6114] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6116] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... ioctl resumed>) = 0 [pid 6115] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6116] <... openat resumed>) = 5 [pid 6115] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6116] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6116] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = 0 [pid 6114] <... futex resumed>) = 1 [pid 6115] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6114] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6114] exit_group(0 [pid 6116] <... futex resumed>) = ? [pid 6114] <... exit_group resumed>) = ? [pid 6116] +++ exited with 0 +++ [pid 6115] +++ exited with 0 +++ [pid 6114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6114, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 175.056869][ T37] audit: type=1800 audit(1753855644.900:86): pid=6116 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=173 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6117 attached , child_tidptr=0x55555c67f690) = 6117 [pid 6117] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6117] chdir("./86") = 0 [pid 6117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6117] setpgid(0, 0) = 0 [pid 6117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6117] write(3, "1000", 4) = 4 [pid 6117] close(3) = 0 [pid 6117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6117] write(1, "executing program\n", 18executing program ) = 18 [pid 6117] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6117] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6117] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6117] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6118 attached [pid 6118] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6118] set_robust_list(0x7f8a95e509a0, 24 [pid 6117] <... clone3 resumed> => {parent_tid=[6118]}, 88) = 6118 [pid 6118] <... set_robust_list resumed>) = 0 [pid 6117] rt_sigprocmask(SIG_SETMASK, [], [pid 6118] rt_sigprocmask(SIG_SETMASK, [], [pid 6117] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6117] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] memfd_create("syzkaller", 0 [pid 6117] <... futex resumed>) = 0 [pid 6118] <... memfd_create resumed>) = 3 [pid 6118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6117] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6118] <... mmap resumed>) = 0x7f8a8da30000 [pid 6118] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6118] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6118] close(3) = 0 [pid 6118] close(4) = 0 [pid 6118] mkdir("./file2", 0777) = 0 [pid 6118] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6118] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6118] chdir("./file2") = 0 [pid 6118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6118] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6117] <... futex resumed>) = 0 [pid 6118] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6117] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6117] <... futex resumed>) = 0 [pid 6117] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] <... openat resumed>) = 4 [pid 6118] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6117] <... futex resumed>) = 0 [pid 6118] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6117] <... futex resumed>) = 0 [pid 6118] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 175.527946][ T6118] loop0: detected capacity change from 0 to 256 [ 175.554861][ T6118] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6117] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6117] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6117] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6119 attached => {parent_tid=[6119]}, 88) = 6119 [pid 6119] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6117] rt_sigprocmask(SIG_SETMASK, [], [pid 6119] <... rseq resumed>) = 0 [pid 6117] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6117] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6119] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6117] <... futex resumed>) = 0 [pid 6119] <... set_robust_list resumed>) = 0 [pid 6117] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6119] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6118] <... ioctl resumed>) = 0 [pid 6119] <... openat resumed>) = 5 [pid 6118] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6119] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6118] <... futex resumed>) = 0 [pid 6117] <... futex resumed>) = 0 [pid 6119] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6117] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6118] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6117] <... futex resumed>) = 0 [pid 6118] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] exit_group(0 [pid 6119] <... futex resumed>) = ? [pid 6118] <... futex resumed>) = ? [pid 6117] <... exit_group resumed>) = ? [pid 6119] +++ exited with 0 +++ [pid 6118] +++ exited with 0 +++ [pid 6117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6117, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 175.766575][ T37] audit: type=1800 audit(1753855645.610:87): pid=6119 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=175 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6120 attached [pid 6120] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6120] chdir("./87" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6120 [pid 6120] <... chdir resumed>) = 0 [pid 6120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6120] setpgid(0, 0) = 0 [pid 6120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6120] write(3, "1000", 4) = 4 [pid 6120] close(3) = 0 [pid 6120] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6120] write(1, "executing program\n", 18) = 18 [pid 6120] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6120] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6120] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0} => {parent_tid=[6121]}, 88) = 6121 ./strace-static-x86_64: Process 6121 attached [pid 6121] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6120] rt_sigprocmask(SIG_SETMASK, [], [pid 6121] set_robust_list(0x7f8a95e509a0, 24 [pid 6120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6121] <... set_robust_list resumed>) = 0 [pid 6120] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] rt_sigprocmask(SIG_SETMASK, [], [pid 6120] <... futex resumed>) = 0 [pid 6121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6120] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6121] memfd_create("syzkaller", 0) = 3 [pid 6121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6121] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6121] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6121] close(3) = 0 [pid 6121] close(4) = 0 [pid 6121] mkdir("./file2", 0777) = 0 [pid 6121] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6121] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 176.326048][ T6121] loop0: detected capacity change from 0 to 256 [pid 6121] chdir("./file2") = 0 [pid 6121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6121] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6120] <... futex resumed>) = 0 [pid 6121] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6120] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] <... openat resumed>) = 4 [pid 6121] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6120] <... futex resumed>) = 0 [ 176.373967][ T6121] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6121] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6120] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6120] <... futex resumed>) = 0 [pid 6120] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6120] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6120] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6122 attached [pid 6122] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6120] <... clone3 resumed> => {parent_tid=[6122]}, 88) = 6122 [pid 6122] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6120] rt_sigprocmask(SIG_SETMASK, [], [pid 6122] <... set_robust_list resumed>) = 0 [pid 6120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6122] rt_sigprocmask(SIG_SETMASK, [], [pid 6120] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6120] <... futex resumed>) = 0 [pid 6122] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6120] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6120] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 6121] <... ioctl resumed>) = 0 [pid 6122] <... openat resumed>) = 5 [pid 6120] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6120] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] <... futex resumed>) = 0 [pid 6121] <... futex resumed>) = 0 [pid 6120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6121] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6122] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6120] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6123 attached [pid 6123] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6123] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6120] <... clone3 resumed> => {parent_tid=[6123]}, 88) = 6123 [pid 6123] <... set_robust_list resumed>) = 0 [pid 6120] rt_sigprocmask(SIG_SETMASK, [], [pid 6123] rt_sigprocmask(SIG_SETMASK, [], [pid 6120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6120] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6120] <... futex resumed>) = 0 [pid 6123] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6123] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6120] exit_group(0 [pid 6123] <... futex resumed>) = ? [pid 6122] <... futex resumed>) = ? [pid 6121] <... futex resumed>) = ? [pid 6123] +++ exited with 0 +++ [pid 6122] +++ exited with 0 +++ [pid 6121] +++ exited with 0 +++ [pid 6120] <... exit_group resumed>) = ? [pid 6120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6120, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 176.607052][ T37] audit: type=1800 audit(1753855646.450:88): pid=6122 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=177 res=0 errno=0 openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6124 attached [pid 6124] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6124] chdir("./88") = 0 [pid 6124] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6124 [pid 6124] <... prctl resumed>) = 0 [pid 6124] setpgid(0, 0) = 0 [pid 6124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6124] write(3, "1000", 4) = 4 [pid 6124] close(3) = 0 [pid 6124] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6124] write(1, "executing program\n", 18) = 18 [pid 6124] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6124] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6124] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6124] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6125 attached [pid 6125] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6124] <... clone3 resumed> => {parent_tid=[6125]}, 88) = 6125 [pid 6125] <... rseq resumed>) = 0 [pid 6124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6125] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6124] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] rt_sigprocmask(SIG_SETMASK, [], [pid 6124] <... futex resumed>) = 0 [pid 6124] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6125] memfd_create("syzkaller", 0) = 3 [pid 6125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6125] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6125] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6125] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6125] close(3) = 0 [pid 6125] close(4) = 0 [pid 6125] mkdir("./file2", 0777) = 0 [pid 6125] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6125] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6125] chdir("./file2") = 0 [pid 6125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6125] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6125] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6124] <... futex resumed>) = 0 [pid 6125] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6124] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... openat resumed>) = 4 [pid 6125] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6125] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... futex resumed>) = 0 [pid 6124] <... futex resumed>) = 1 [pid 6125] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 177.236614][ T6125] loop0: detected capacity change from 0 to 256 [pid 6124] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 177.279360][ T6125] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6124] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6124] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6126 attached [pid 6126] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6124] <... clone3 resumed> => {parent_tid=[6126]}, 88) = 6126 [pid 6126] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6124] rt_sigprocmask(SIG_SETMASK, [], [pid 6126] <... set_robust_list resumed>) = 0 [pid 6124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6126] rt_sigprocmask(SIG_SETMASK, [], [pid 6124] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6124] <... futex resumed>) = 0 [pid 6126] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6124] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... ioctl resumed>) = 0 [pid 6125] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... openat resumed>) = 5 [pid 6125] <... futex resumed>) = 0 [pid 6125] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6126] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6125] <... futex resumed>) = 0 [pid 6124] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6125] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6125] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] exit_group(0 [pid 6126] <... futex resumed>) = ? [pid 6126] +++ exited with 0 +++ [pid 6125] <... futex resumed>) = ? [pid 6124] <... exit_group resumed>) = ? [pid 6125] +++ exited with 0 +++ [pid 6124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6124, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 177.436564][ T37] audit: type=1800 audit(1753855647.280:89): pid=6126 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=179 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6127 attached , child_tidptr=0x55555c67f690) = 6127 [pid 6127] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6127] chdir("./89") = 0 [pid 6127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6127] setpgid(0, 0) = 0 [pid 6127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6127] write(3, "1000", 4) = 4 [pid 6127] close(3) = 0 [pid 6127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6127] write(1, "executing program\n", 18executing program ) = 18 [pid 6127] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6127] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6127] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6127] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6127] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6128 attached [pid 6128] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6127] <... clone3 resumed> => {parent_tid=[6128]}, 88) = 6128 [pid 6128] <... rseq resumed>) = 0 [pid 6128] set_robust_list(0x7f8a95e509a0, 24 [pid 6127] rt_sigprocmask(SIG_SETMASK, [], [pid 6128] <... set_robust_list resumed>) = 0 [pid 6127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6128] rt_sigprocmask(SIG_SETMASK, [], [pid 6127] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6127] <... futex resumed>) = 0 [pid 6127] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6128] memfd_create("syzkaller", 0) = 3 [pid 6128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6128] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6128] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6128] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6128] close(3) = 0 [pid 6128] close(4) = 0 [pid 6128] mkdir("./file2", 0777) = 0 [pid 6128] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6128] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6128] chdir("./file2") = 0 [pid 6128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 177.906716][ T6128] loop0: detected capacity change from 0 to 256 [pid 6128] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6127] <... futex resumed>) = 0 [pid 6128] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6127] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6127] <... futex resumed>) = 0 [pid 6128] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6127] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6128] <... openat resumed>) = 4 [pid 6128] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6127] <... futex resumed>) = 0 [pid 6128] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6127] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6128] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 177.949475][ T6128] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6127] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6127] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6127] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6127] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6129 attached [pid 6129] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6127] <... clone3 resumed> => {parent_tid=[6129]}, 88) = 6129 [pid 6129] <... rseq resumed>) = 0 [pid 6127] rt_sigprocmask(SIG_SETMASK, [], [pid 6129] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6129] <... set_robust_list resumed>) = 0 [pid 6127] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6129] rt_sigprocmask(SIG_SETMASK, [], [pid 6127] <... futex resumed>) = 0 [pid 6129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6127] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6129] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6127] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6127] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6127] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6127] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6129] <... openat resumed>) = 5 [pid 6128] <... ioctl resumed>) = 0 [pid 6127] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0} [pid 6129] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6128] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6129] <... futex resumed>) = 0 [pid 6128] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6130 attached [pid 6129] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6128] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6127] <... clone3 resumed> => {parent_tid=[6130]}, 88) = 6130 [pid 6130] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6127] rt_sigprocmask(SIG_SETMASK, [], [pid 6130] <... rseq resumed>) = 0 [pid 6127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6130] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6127] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... set_robust_list resumed>) = 0 [pid 6127] <... futex resumed>) = 0 [pid 6130] rt_sigprocmask(SIG_SETMASK, [], [pid 6127] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6130] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6130] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6127] <... futex resumed>) = 0 [pid 6127] exit_group(0 [pid 6130] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] <... futex resumed>) = ? [pid 6128] <... futex resumed>) = ? [pid 6127] <... exit_group resumed>) = ? [pid 6130] +++ exited with 0 +++ [pid 6129] +++ exited with 0 +++ [pid 6128] +++ exited with 0 +++ [pid 6127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6127, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 178.166973][ T37] audit: type=1800 audit(1753855648.010:90): pid=6129 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=181 res=0 errno=0 openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6131 attached [pid 6131] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6131 [pid 6131] chdir("./90") = 0 [pid 6131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6131] setpgid(0, 0) = 0 [pid 6131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6131] write(3, "1000", 4) = 4 [pid 6131] close(3) = 0 [pid 6131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6131] write(1, "executing program\n", 18executing program ) = 18 [pid 6131] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6131] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6131] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6131] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6132 attached [pid 6132] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6131] <... clone3 resumed> => {parent_tid=[6132]}, 88) = 6132 [pid 6132] <... rseq resumed>) = 0 [pid 6132] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6132] rt_sigprocmask(SIG_SETMASK, [], [pid 6131] rt_sigprocmask(SIG_SETMASK, [], [pid 6132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6131] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6132] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6131] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6131] <... futex resumed>) = 0 [pid 6132] memfd_create("syzkaller", 0 [pid 6131] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6132] <... memfd_create resumed>) = 3 [pid 6132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6132] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6132] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6132] close(3) = 0 [pid 6132] close(4) = 0 [pid 6132] mkdir("./file2", 0777) = 0 [pid 6132] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6132] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6132] chdir("./file2") = 0 [pid 6132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6132] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6131] <... futex resumed>) = 0 [pid 6132] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6131] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6131] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6132] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6132] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6131] <... futex resumed>) = 0 [pid 6132] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6131] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... futex resumed>) = 0 [pid 6131] <... futex resumed>) = 1 [pid 6132] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 178.776551][ T6132] loop0: detected capacity change from 0 to 256 [ 178.816271][ T6132] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6131] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6131] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6131] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6133 attached [pid 6133] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6131] <... clone3 resumed> => {parent_tid=[6133]}, 88) = 6133 [pid 6133] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6131] rt_sigprocmask(SIG_SETMASK, [], [pid 6133] <... set_robust_list resumed>) = 0 [pid 6131] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6131] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6133] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6131] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6132] <... ioctl resumed>) = 0 [pid 6133] <... openat resumed>) = 5 [pid 6132] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6131] <... futex resumed>) = 0 [pid 6133] <... futex resumed>) = 1 [pid 6131] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6131] <... futex resumed>) = 0 [pid 6131] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6132] <... futex resumed>) = 1 [pid 6131] <... futex resumed>) = 0 [pid 6132] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6131] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6132] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6132] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6131] <... futex resumed>) = 0 [pid 6132] <... futex resumed>) = 1 [pid 6131] exit_group(0 [pid 6132] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6133] <... futex resumed>) = ? [pid 6132] <... futex resumed>) = ? [pid 6131] <... exit_group resumed>) = ? [pid 6133] +++ exited with 0 +++ [pid 6132] +++ exited with 0 +++ [pid 6131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6131, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 [ 179.006645][ T37] audit: type=1800 audit(1753855648.850:91): pid=6133 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=183 res=0 errno=0 umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6134 attached [pid 6134] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6134 [pid 6134] <... set_robust_list resumed>) = 0 [pid 6134] chdir("./91") = 0 [pid 6134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6134] setpgid(0, 0) = 0 [pid 6134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6134] write(3, "1000", 4) = 4 [pid 6134] close(3) = 0 [pid 6134] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6134] write(1, "executing program\n", 18) = 18 [pid 6134] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6134] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6135 attached => {parent_tid=[6135]}, 88) = 6135 [pid 6135] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6134] rt_sigprocmask(SIG_SETMASK, [], [pid 6135] <... rseq resumed>) = 0 [pid 6134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6135] set_robust_list(0x7f8a95e509a0, 24 [pid 6134] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... set_robust_list resumed>) = 0 [pid 6134] <... futex resumed>) = 0 [pid 6135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6134] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6135] memfd_create("syzkaller", 0) = 3 [pid 6135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6135] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6135] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6135] close(3) = 0 [pid 6135] close(4) = 0 [pid 6135] mkdir("./file2", 0777) = 0 [pid 6135] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6135] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6135] chdir("./file2") = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6135] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6135] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6134] <... futex resumed>) = 0 [pid 6135] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6134] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] <... openat resumed>) = 4 [pid 6135] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6135] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6135] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6134] <... futex resumed>) = 0 [ 179.410575][ T6135] loop0: detected capacity change from 0 to 256 [ 179.440816][ T6135] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6134] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6134] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6134] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6136 attached [pid 6136] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6134] <... clone3 resumed> => {parent_tid=[6136]}, 88) = 6136 [pid 6136] <... rseq resumed>) = 0 [pid 6134] rt_sigprocmask(SIG_SETMASK, [], [pid 6136] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6134] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] rt_sigprocmask(SIG_SETMASK, [], [pid 6134] <... futex resumed>) = 0 [pid 6136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6134] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6135] <... ioctl resumed>) = 0 [pid 6135] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... openat resumed>) = 5 [pid 6134] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6135] <... futex resumed>) = 0 [pid 6135] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6134] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... pwritev2 resumed>) = -1 EBADF (Bad file descriptor) [pid 6134] <... futex resumed>) = 0 [pid 6135] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] <... futex resumed>) = 0 [pid 6134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6136] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] exit_group(0) = ? [pid 6135] <... futex resumed>) = ? [pid 6136] <... futex resumed>) = ? [pid 6135] +++ exited with 0 +++ [pid 6136] +++ exited with 0 +++ [pid 6134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6134, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 179.606869][ T37] audit: type=1800 audit(1753855649.450:92): pid=6136 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=185 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6137 attached , child_tidptr=0x55555c67f690) = 6137 [pid 6137] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6137] chdir("./92") = 0 [pid 6137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6137] setpgid(0, 0) = 0 [pid 6137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6137] write(3, "1000", 4) = 4 [pid 6137] close(3) = 0 [pid 6137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6137] write(1, "executing program\n", 18executing program ) = 18 [pid 6137] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6137] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6137] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6138 attached [pid 6138] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6137] <... clone3 resumed> => {parent_tid=[6138]}, 88) = 6138 [pid 6138] set_robust_list(0x7f8a95e509a0, 24 [pid 6137] rt_sigprocmask(SIG_SETMASK, [], [pid 6138] <... set_robust_list resumed>) = 0 [pid 6137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6138] rt_sigprocmask(SIG_SETMASK, [], [pid 6137] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6137] <... futex resumed>) = 0 [pid 6138] memfd_create("syzkaller", 0 [pid 6137] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6138] <... memfd_create resumed>) = 3 [pid 6138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6138] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6138] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6138] close(3) = 0 [pid 6138] close(4) = 0 [pid 6138] mkdir("./file2", 0777) = 0 [pid 6138] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6138] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6138] chdir("./file2") = 0 [pid 6138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6138] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6137] <... futex resumed>) = 0 [pid 6137] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... futex resumed>) = 0 [pid 6137] <... futex resumed>) = 1 [pid 6138] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6137] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6138] <... openat resumed>) = 4 [ 180.132473][ T6138] loop0: detected capacity change from 0 to 256 [pid 6138] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6137] <... futex resumed>) = 0 [pid 6138] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6137] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6137] <... futex resumed>) = 0 [pid 6138] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 180.172238][ T6138] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6137] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6137] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6137] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6139 attached [pid 6139] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6137] <... clone3 resumed> => {parent_tid=[6139]}, 88) = 6139 [pid 6139] <... rseq resumed>) = 0 [pid 6137] rt_sigprocmask(SIG_SETMASK, [], [pid 6139] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6139] <... set_robust_list resumed>) = 0 [pid 6139] rt_sigprocmask(SIG_SETMASK, [], [pid 6137] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6139] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6137] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6137] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6137] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6137] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6139] <... openat resumed>) = 5 [pid 6138] <... ioctl resumed>) = 0 [pid 6139] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6139] <... futex resumed>) = 0 [pid 6137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6140 attached [pid 6139] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6140] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6137] <... clone3 resumed> => {parent_tid=[6140]}, 88) = 6140 [pid 6140] <... set_robust_list resumed>) = 0 [pid 6137] rt_sigprocmask(SIG_SETMASK, [], [pid 6140] rt_sigprocmask(SIG_SETMASK, [], [pid 6137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6137] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6137] <... futex resumed>) = 0 [pid 6140] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6137] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6140] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6137] exit_group(0 [pid 6140] <... futex resumed>) = ? [pid 6139] <... futex resumed>) = ? [pid 6137] <... exit_group resumed>) = ? [pid 6140] +++ exited with 0 +++ [pid 6139] +++ exited with 0 +++ [pid 6138] <... futex resumed>) = ? [pid 6138] +++ exited with 0 +++ [pid 6137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6137, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 180.378410][ T37] audit: type=1800 audit(1753855650.220:93): pid=6139 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=187 res=0 errno=0 umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6141 attached [pid 6141] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6141] chdir("./93" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6141 [pid 6141] <... chdir resumed>) = 0 [pid 6141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6141] setpgid(0, 0) = 0 [pid 6141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6141] write(3, "1000", 4) = 4 [pid 6141] close(3) = 0 [pid 6141] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6141] write(1, "executing program\n", 18) = 18 [pid 6141] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6141] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6141] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6142 attached [pid 6142] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6141] <... clone3 resumed> => {parent_tid=[6142]}, 88) = 6142 [pid 6142] <... rseq resumed>) = 0 [pid 6141] rt_sigprocmask(SIG_SETMASK, [], [pid 6142] set_robust_list(0x7f8a95e509a0, 24 [pid 6141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6142] <... set_robust_list resumed>) = 0 [pid 6142] rt_sigprocmask(SIG_SETMASK, [], [pid 6141] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6141] <... futex resumed>) = 0 [pid 6142] memfd_create("syzkaller", 0 [pid 6141] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6142] <... memfd_create resumed>) = 3 [pid 6142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6142] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6142] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6142] close(3) = 0 [pid 6142] close(4) = 0 [pid 6142] mkdir("./file2", 0777) = 0 [pid 6142] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6142] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6142] chdir("./file2") = 0 [pid 6142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6142] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] <... futex resumed>) = 0 [pid 6142] <... futex resumed>) = 1 [pid 6141] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6141] <... futex resumed>) = 0 [pid 6141] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] <... openat resumed>) = 4 [ 180.902707][ T6142] loop0: detected capacity change from 0 to 256 [pid 6142] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] <... futex resumed>) = 0 [pid 6142] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6141] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 180.941593][ T6142] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6141] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6141] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6141] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6143 attached [pid 6143] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6141] <... clone3 resumed> => {parent_tid=[6143]}, 88) = 6143 [pid 6143] <... rseq resumed>) = 0 [pid 6141] rt_sigprocmask(SIG_SETMASK, [], [pid 6143] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6143] <... set_robust_list resumed>) = 0 [pid 6141] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6143] rt_sigprocmask(SIG_SETMASK, [], [pid 6141] <... futex resumed>) = 0 [pid 6141] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6143] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6141] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6141] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6143] <... openat resumed>) = 5 [pid 6142] <... ioctl resumed>) = 0 [pid 6141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6142] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] <... mmap resumed>) = 0x7f8a95dee000 [pid 6143] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] <... futex resumed>) = 0 [pid 6141] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 6143] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6142] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] <... mprotect resumed>) = 0 [pid 6141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6144 attached [pid 6144] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6144] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 6141] <... clone3 resumed> => {parent_tid=[6144]}, 88) = 6144 [pid 6144] rt_sigprocmask(SIG_SETMASK, [], [pid 6141] rt_sigprocmask(SIG_SETMASK, [], [pid 6144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6144] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6141] <... futex resumed>) = 0 [pid 6144] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6141] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6144] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] exit_group(0 [pid 6144] <... futex resumed>) = ? [pid 6142] <... futex resumed>) = ? [pid 6144] +++ exited with 0 +++ [pid 6143] <... futex resumed>) = ? [pid 6142] +++ exited with 0 +++ [pid 6141] <... exit_group resumed>) = ? [pid 6143] +++ exited with 0 +++ [pid 6141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6141, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 181.126609][ T37] audit: type=1800 audit(1753855650.970:94): pid=6143 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=189 res=0 errno=0 unlink("./93/binderfs") = 0 umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6145 ./strace-static-x86_64: Process 6145 attached [pid 6145] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6145] chdir("./94") = 0 [pid 6145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6145] setpgid(0, 0) = 0 [pid 6145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6145] write(3, "1000", 4) = 4 [pid 6145] close(3) = 0 [pid 6145] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6145] write(1, "executing program\n", 18) = 18 [pid 6145] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6145] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6145] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6145] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6145] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6146 attached [pid 6146] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6145] <... clone3 resumed> => {parent_tid=[6146]}, 88) = 6146 [pid 6146] <... rseq resumed>) = 0 [pid 6145] rt_sigprocmask(SIG_SETMASK, [], [pid 6146] set_robust_list(0x7f8a95e509a0, 24 [pid 6145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6146] <... set_robust_list resumed>) = 0 [pid 6145] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] rt_sigprocmask(SIG_SETMASK, [], [pid 6145] <... futex resumed>) = 0 [pid 6146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6145] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6146] memfd_create("syzkaller", 0) = 3 [pid 6146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6146] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6146] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6146] close(3) = 0 [pid 6146] close(4) = 0 [pid 6146] mkdir("./file2", 0777) = 0 [pid 6146] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6146] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6146] chdir("./file2") = 0 [pid 6146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6146] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] <... futex resumed>) = 0 [pid 6146] <... futex resumed>) = 1 [pid 6145] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6145] <... futex resumed>) = 0 [pid 6145] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6146] <... openat resumed>) = 4 [pid 6146] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6145] <... futex resumed>) = 0 [pid 6146] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... futex resumed>) = 0 [pid 6145] <... futex resumed>) = 1 [pid 6145] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 181.637365][ T6146] loop0: detected capacity change from 0 to 256 [ 181.666407][ T6146] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6146] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6145] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6145] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6145] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6145] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6147 attached => {parent_tid=[6147]}, 88) = 6147 [pid 6147] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6145] rt_sigprocmask(SIG_SETMASK, [], [pid 6147] <... rseq resumed>) = 0 [pid 6145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6147] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6145] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] rt_sigprocmask(SIG_SETMASK, [], [pid 6145] <... futex resumed>) = 0 [pid 6147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6147] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6145] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6145] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6145] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6145] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6147] <... openat resumed>) = 5 [pid 6146] <... ioctl resumed>) = 0 [pid 6145] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6147] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0} [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6148 attached [pid 6148] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6148] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6145] <... clone3 resumed> => {parent_tid=[6148]}, 88) = 6148 [pid 6148] <... set_robust_list resumed>) = 0 [pid 6145] rt_sigprocmask(SIG_SETMASK, [], [pid 6148] rt_sigprocmask(SIG_SETMASK, [], [pid 6145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6145] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6145] <... futex resumed>) = 0 [pid 6148] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... futex resumed>) = 0 [pid 6145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6148] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] exit_group(0 [pid 6148] <... futex resumed>) = ? [pid 6147] <... futex resumed>) = ? [pid 6146] <... futex resumed>) = ? [pid 6145] <... exit_group resumed>) = ? [pid 6148] +++ exited with 0 +++ [pid 6147] +++ exited with 0 +++ [pid 6146] +++ exited with 0 +++ [pid 6145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6145, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 181.877295][ T37] audit: type=1800 audit(1753855651.720:95): pid=6147 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=191 res=0 errno=0 umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6149 ./strace-static-x86_64: Process 6149 attached [pid 6149] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6149] chdir("./95") = 0 [pid 6149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6149] setpgid(0, 0) = 0 [pid 6149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6149] write(3, "1000", 4) = 4 [pid 6149] close(3) = 0 [pid 6149] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6149] write(1, "executing program\n", 18) = 18 [pid 6149] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6149] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6150 attached [pid 6150] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6149] <... clone3 resumed> => {parent_tid=[6150]}, 88) = 6150 [pid 6150] <... rseq resumed>) = 0 [pid 6149] rt_sigprocmask(SIG_SETMASK, [], [pid 6150] set_robust_list(0x7f8a95e509a0, 24 [pid 6149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6150] <... set_robust_list resumed>) = 0 [pid 6149] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] rt_sigprocmask(SIG_SETMASK, [], [pid 6149] <... futex resumed>) = 0 [pid 6150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6149] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6150] memfd_create("syzkaller", 0) = 3 [pid 6150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6150] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6150] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6150] close(3) = 0 [pid 6150] close(4) = 0 [pid 6150] mkdir("./file2", 0777) = 0 [pid 6150] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6150] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 182.290048][ T6150] loop0: detected capacity change from 0 to 256 [pid 6150] chdir("./file2") = 0 [pid 6150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6150] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6149] <... futex resumed>) = 0 [pid 6149] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6150] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6150] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6149] <... futex resumed>) = 0 [pid 6150] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6149] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6150] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6149] <... futex resumed>) = 0 [ 182.334534][ T6150] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6149] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6149] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6149] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6151 attached [pid 6151] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6149] <... clone3 resumed> => {parent_tid=[6151]}, 88) = 6151 [pid 6151] <... rseq resumed>) = 0 [pid 6149] rt_sigprocmask(SIG_SETMASK, [], [pid 6151] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6151] <... set_robust_list resumed>) = 0 [pid 6149] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6149] <... futex resumed>) = 0 [pid 6151] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6149] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6150] <... ioctl resumed>) = 0 [pid 6150] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6151] <... openat resumed>) = 5 [pid 6149] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6150] <... futex resumed>) = 0 [pid 6150] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6151] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6151] <... futex resumed>) = 0 [pid 6151] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6150] <... futex resumed>) = 0 [pid 6149] <... futex resumed>) = 1 [pid 6150] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6149] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6150] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6149] <... futex resumed>) = 0 [pid 6150] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6149] exit_group(0 [pid 6151] <... futex resumed>) = ? [pid 6151] +++ exited with 0 +++ [pid 6150] <... futex resumed>) = ? [pid 6150] +++ exited with 0 +++ [pid 6149] <... exit_group resumed>) = ? [pid 6149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6149, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 182.546924][ T37] audit: type=1800 audit(1753855652.390:96): pid=6151 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=193 res=0 errno=0 openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6152 attached , child_tidptr=0x55555c67f690) = 6152 [pid 6152] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6152] chdir("./96") = 0 [pid 6152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6152] setpgid(0, 0) = 0 [pid 6152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6152] write(3, "1000", 4) = 4 [pid 6152] close(3) = 0 [pid 6152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6152] write(1, "executing program\n", 18executing program ) = 18 [pid 6152] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6152] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6152] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6153 attached [pid 6153] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6152] <... clone3 resumed> => {parent_tid=[6153]}, 88) = 6153 [pid 6153] <... rseq resumed>) = 0 [pid 6152] rt_sigprocmask(SIG_SETMASK, [], [pid 6153] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6153] rt_sigprocmask(SIG_SETMASK, [], [pid 6152] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6152] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6153] memfd_create("syzkaller", 0) = 3 [pid 6153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6153] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6153] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6153] close(3) = 0 [pid 6153] close(4) = 0 [pid 6153] mkdir("./file2", 0777) = 0 [pid 6153] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6153] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6153] chdir("./file2") = 0 [pid 6153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6153] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6153] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6152] <... futex resumed>) = 0 [pid 6153] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6152] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] <... openat resumed>) = 4 [pid 6153] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6153] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6152] <... futex resumed>) = 0 [pid 6153] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 183.161615][ T6153] loop0: detected capacity change from 0 to 256 [ 183.184654][ T6153] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6152] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6152] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6152] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6154 attached [pid 6154] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6154] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6152] <... clone3 resumed> => {parent_tid=[6154]}, 88) = 6154 [pid 6154] <... set_robust_list resumed>) = 0 [pid 6152] rt_sigprocmask(SIG_SETMASK, [], [pid 6154] rt_sigprocmask(SIG_SETMASK, [], [pid 6152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6152] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6154] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6152] <... futex resumed>) = 0 [pid 6152] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6152] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6154] <... openat resumed>) = 5 [pid 6153] <... ioctl resumed>) = 0 [pid 6154] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6154] <... futex resumed>) = 0 [pid 6153] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6152] <... mmap resumed>) = 0x7f8a95dee000 [pid 6154] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6153] <... futex resumed>) = 0 [pid 6152] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 6153] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] <... mprotect resumed>) = 0 [pid 6152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6155 attached [pid 6155] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6155] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 6152] <... clone3 resumed> => {parent_tid=[6155]}, 88) = 6155 [pid 6155] rt_sigprocmask(SIG_SETMASK, [], [pid 6152] rt_sigprocmask(SIG_SETMASK, [], [pid 6155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6155] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6155] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6152] <... futex resumed>) = 0 [pid 6155] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6155] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6152] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6155] <... futex resumed>) = 0 [pid 6152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6155] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] exit_group(0 [pid 6155] <... futex resumed>) = ? [pid 6154] <... futex resumed>) = ? [pid 6155] +++ exited with 0 +++ [pid 6154] +++ exited with 0 +++ [pid 6153] <... futex resumed>) = ? [pid 6152] <... exit_group resumed>) = ? [pid 6153] +++ exited with 0 +++ [pid 6152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6152, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 183.356442][ T37] audit: type=1800 audit(1753855653.200:97): pid=6154 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=195 res=0 errno=0 openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6156 attached , child_tidptr=0x55555c67f690) = 6156 [pid 6156] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6156] chdir("./97") = 0 [pid 6156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6156] setpgid(0, 0) = 0 [pid 6156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6156] write(3, "1000", 4) = 4 [pid 6156] close(3) = 0 [pid 6156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6156] write(1, "executing program\n", 18executing program ) = 18 [pid 6156] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6156] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6157 attached => {parent_tid=[6157]}, 88) = 6157 [pid 6157] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6156] rt_sigprocmask(SIG_SETMASK, [], [pid 6157] <... rseq resumed>) = 0 [pid 6157] set_robust_list(0x7f8a95e509a0, 24 [pid 6156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6157] <... set_robust_list resumed>) = 0 [pid 6156] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] rt_sigprocmask(SIG_SETMASK, [], [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6157] memfd_create("syzkaller", 0) = 3 [pid 6157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6157] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6157] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6157] close(3) = 0 [pid 6157] close(4) = 0 [pid 6157] mkdir("./file2", 0777) = 0 [pid 6157] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6157] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6157] chdir("./file2") = 0 [pid 6157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6157] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6156] <... futex resumed>) = 1 [pid 6157] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6156] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] <... openat resumed>) = 4 [pid 6157] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6156] <... futex resumed>) = 0 [ 183.868330][ T6157] loop0: detected capacity change from 0 to 256 [ 183.897937][ T6157] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6156] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6156] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6156] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6158 attached => {parent_tid=[6158]}, 88) = 6158 [pid 6158] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6156] rt_sigprocmask(SIG_SETMASK, [], [pid 6158] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6158] <... set_robust_list resumed>) = 0 [pid 6156] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] rt_sigprocmask(SIG_SETMASK, [], [pid 6156] <... futex resumed>) = 0 [pid 6158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6156] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6157] <... ioctl resumed>) = 0 [pid 6157] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6158] <... openat resumed>) = 5 [pid 6157] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6158] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6158] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6156] <... futex resumed>) = 1 [pid 6157] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6156] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6157] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6156] exit_group(0 [pid 6157] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6158] <... futex resumed>) = ? [pid 6157] <... futex resumed>) = ? [pid 6157] +++ exited with 0 +++ [pid 6156] <... exit_group resumed>) = ? [pid 6158] +++ exited with 0 +++ [pid 6156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6156, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 184.067913][ T37] audit: type=1800 audit(1753855653.910:98): pid=6158 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=197 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6159 attached [pid 6159] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6159] chdir("./98" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6159 [pid 6159] <... chdir resumed>) = 0 [pid 6159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6159] setpgid(0, 0) = 0 [pid 6159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6159] write(3, "1000", 4) = 4 [pid 6159] close(3) = 0 [pid 6159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6159] write(1, "executing program\n", 18executing program ) = 18 [pid 6159] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6159] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6159] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6160 attached [pid 6160] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6159] <... clone3 resumed> => {parent_tid=[6160]}, 88) = 6160 [pid 6159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6160] <... rseq resumed>) = 0 [pid 6160] set_robust_list(0x7f8a95e509a0, 24 [pid 6159] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... set_robust_list resumed>) = 0 [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6160] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6160] memfd_create("syzkaller", 0) = 3 [pid 6160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6160] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6160] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6160] close(3) = 0 [pid 6160] close(4) = 0 [pid 6160] mkdir("./file2", 0777) = 0 [pid 6160] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6160] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6160] chdir("./file2") = 0 [pid 6160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6160] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6160] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... futex resumed>) = 0 [pid 6159] <... futex resumed>) = 1 [pid 6160] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6159] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] <... openat resumed>) = 4 [pid 6160] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6159] <... futex resumed>) = 0 [pid 6160] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 184.650282][ T6160] loop0: detected capacity change from 0 to 256 [pid 6159] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6160] <... futex resumed>) = 0 [pid 6160] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 184.692064][ T6160] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6159] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6159] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6159] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6161 attached [pid 6161] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6159] <... clone3 resumed> => {parent_tid=[6161]}, 88) = 6161 [pid 6159] rt_sigprocmask(SIG_SETMASK, [], [pid 6161] <... rseq resumed>) = 0 [pid 6159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6161] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6159] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6161] <... set_robust_list resumed>) = 0 [pid 6161] rt_sigprocmask(SIG_SETMASK, [], [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6161] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200) = 5 [pid 6161] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6161] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6161] <... futex resumed>) = 0 [pid 6159] <... futex resumed>) = 1 [pid 6161] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6159] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6161] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6160] <... ioctl resumed>) = 0 [pid 6161] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6161] <... futex resumed>) = 0 [pid 6160] <... futex resumed>) = 0 [pid 6161] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6160] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6159] exit_group(0 [pid 6161] <... futex resumed>) = ? [pid 6159] <... exit_group resumed>) = ? [pid 6160] <... futex resumed>) = ? [pid 6161] +++ exited with 0 +++ [pid 6160] +++ exited with 0 +++ [pid 6159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6159, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6162 attached , child_tidptr=0x55555c67f690) = 6162 [pid 6162] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6162] chdir("./99") = 0 [pid 6162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6162] setpgid(0, 0) = 0 [pid 6162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6162] write(3, "1000", 4) = 4 [pid 6162] close(3) = 0 [pid 6162] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6162] write(1, "executing program\n", 18) = 18 [pid 6162] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6162] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6162] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6163 attached => {parent_tid=[6163]}, 88) = 6163 [pid 6163] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6162] rt_sigprocmask(SIG_SETMASK, [], [pid 6163] set_robust_list(0x7f8a95e509a0, 24 [pid 6162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6163] <... set_robust_list resumed>) = 0 [pid 6162] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] rt_sigprocmask(SIG_SETMASK, [], [pid 6162] <... futex resumed>) = 0 [pid 6163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6162] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6163] memfd_create("syzkaller", 0) = 3 [pid 6163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6163] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6163] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6163] close(3) = 0 [pid 6163] close(4) = 0 [pid 6163] mkdir("./file2", 0777) = 0 [pid 6163] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6163] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6163] chdir("./file2") = 0 [pid 6163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6163] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6163] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] <... futex resumed>) = 0 [pid 6163] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6162] <... futex resumed>) = 1 [pid 6162] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] <... openat resumed>) = 4 [pid 6163] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6163] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6162] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 185.293040][ T6163] loop0: detected capacity change from 0 to 256 [pid 6162] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6162] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [ 185.337533][ T6163] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6162] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6164 attached [pid 6164] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6162] <... clone3 resumed> => {parent_tid=[6164]}, 88) = 6164 [pid 6164] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6162] rt_sigprocmask(SIG_SETMASK, [], [pid 6164] <... set_robust_list resumed>) = 0 [pid 6162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6164] rt_sigprocmask(SIG_SETMASK, [], [pid 6162] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6162] <... futex resumed>) = 0 [pid 6164] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6162] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] <... ioctl resumed>) = 0 [pid 6164] <... openat resumed>) = 5 [pid 6163] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6163] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6164] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6164] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] <... futex resumed>) = 0 [pid 6162] <... futex resumed>) = 1 [pid 6163] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6162] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6163] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] exit_group(0 [pid 6164] <... futex resumed>) = ? [pid 6162] <... exit_group resumed>) = ? [pid 6164] +++ exited with 0 +++ [pid 6163] <... futex resumed>) = ? [pid 6163] +++ exited with 0 +++ [pid 6162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6162, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 185.486831][ T37] audit: type=1800 audit(1753855655.330:99): pid=6164 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=201 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6165 attached [pid 6165] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6165 [pid 6165] <... set_robust_list resumed>) = 0 [pid 6165] chdir("./100") = 0 [pid 6165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6165] setpgid(0, 0) = 0 [pid 6165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6165] write(3, "1000", 4) = 4 [pid 6165] close(3) = 0 [pid 6165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6165] write(1, "executing program\n", 18executing program ) = 18 [pid 6165] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6165] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6165] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6166 attached [pid 6166] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6165] <... clone3 resumed> => {parent_tid=[6166]}, 88) = 6166 [pid 6166] set_robust_list(0x7f8a95e509a0, 24 [pid 6165] rt_sigprocmask(SIG_SETMASK, [], [pid 6166] <... set_robust_list resumed>) = 0 [pid 6165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6166] rt_sigprocmask(SIG_SETMASK, [], [pid 6165] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6166] memfd_create("syzkaller", 0 [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6166] <... memfd_create resumed>) = 3 [pid 6166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6166] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6166] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6166] close(3) = 0 [pid 6166] close(4) = 0 [pid 6166] mkdir("./file2", 0777) = 0 [pid 6166] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6166] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6166] chdir("./file2") = 0 [pid 6166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6166] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6165] <... futex resumed>) = 0 [pid 6166] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 186.128824][ T6166] loop0: detected capacity change from 0 to 256 [pid 6165] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6165] <... futex resumed>) = 0 [pid 6166] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6165] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... openat resumed>) = 4 [pid 6166] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6165] <... futex resumed>) = 0 [pid 6166] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... futex resumed>) = 0 [pid 6165] <... futex resumed>) = 1 [pid 6166] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 186.174713][ T6166] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6165] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6165] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6165] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6167 attached => {parent_tid=[6167]}, 88) = 6167 [pid 6167] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6165] rt_sigprocmask(SIG_SETMASK, [], [pid 6167] <... rseq resumed>) = 0 [pid 6165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6167] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6165] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] rt_sigprocmask(SIG_SETMASK, [], [pid 6165] <... futex resumed>) = 0 [pid 6167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6165] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6167] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6165] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6165] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6165] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6167] <... openat resumed>) = 5 [pid 6166] <... ioctl resumed>) = 0 [pid 6167] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6167] <... futex resumed>) = 0 [pid 6166] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6167] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6166] <... futex resumed>) = 0 [pid 6165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0} [pid 6166] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6168 attached [pid 6168] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6168] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 6165] <... clone3 resumed> => {parent_tid=[6168]}, 88) = 6168 [pid 6168] rt_sigprocmask(SIG_SETMASK, [], [pid 6165] rt_sigprocmask(SIG_SETMASK, [], [pid 6168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6168] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6165] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... futex resumed>) = 0 [pid 6165] <... futex resumed>) = 1 [pid 6168] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6165] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6168] <... futex resumed>) = 0 [pid 6165] exit_group(0 [pid 6168] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6167] <... futex resumed>) = ? [pid 6166] <... futex resumed>) = ? [pid 6168] <... futex resumed>) = ? [pid 6167] +++ exited with 0 +++ [pid 6166] +++ exited with 0 +++ [pid 6165] <... exit_group resumed>) = ? [pid 6168] +++ exited with 0 +++ [pid 6165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6165, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 186.346400][ T37] audit: type=1800 audit(1753855656.190:100): pid=6167 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=203 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6169 ./strace-static-x86_64: Process 6169 attached [pid 6169] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6169] chdir("./101") = 0 [pid 6169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6169] setpgid(0, 0) = 0 [pid 6169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6169] write(3, "1000", 4) = 4 [pid 6169] close(3) = 0 [pid 6169] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6169] write(1, "executing program\n", 18) = 18 [pid 6169] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6169] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6169] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6170 attached [pid 6170] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6169] <... clone3 resumed> => {parent_tid=[6170]}, 88) = 6170 [pid 6170] set_robust_list(0x7f8a95e509a0, 24 [pid 6169] rt_sigprocmask(SIG_SETMASK, [], [pid 6170] <... set_robust_list resumed>) = 0 [pid 6169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6170] rt_sigprocmask(SIG_SETMASK, [], [pid 6169] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6169] <... futex resumed>) = 0 [pid 6170] memfd_create("syzkaller", 0 [pid 6169] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6170] <... memfd_create resumed>) = 3 [pid 6170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6170] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6170] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6170] close(3) = 0 [pid 6170] close(4) = 0 [pid 6170] mkdir("./file2", 0777) = 0 [pid 6170] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6170] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6170] chdir("./file2") = 0 [pid 6170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6170] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6169] <... futex resumed>) = 0 [pid 6170] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6169] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6169] <... futex resumed>) = 0 [pid 6170] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6169] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6170] <... openat resumed>) = 4 [ 186.929716][ T6170] loop0: detected capacity change from 0 to 256 [pid 6170] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6169] <... futex resumed>) = 0 [pid 6169] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6170] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6169] <... futex resumed>) = 0 [ 186.967461][ T6170] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6169] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6169] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6169] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6171 attached [pid 6171] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6169] <... clone3 resumed> => {parent_tid=[6171]}, 88) = 6171 [pid 6171] <... rseq resumed>) = 0 [pid 6169] rt_sigprocmask(SIG_SETMASK, [], [pid 6171] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6171] <... set_robust_list resumed>) = 0 [pid 6171] rt_sigprocmask(SIG_SETMASK, [], [pid 6169] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6171] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6170] <... ioctl resumed>) = 0 [pid 6171] <... openat resumed>) = 5 [pid 6170] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6171] <... futex resumed>) = 0 [pid 6171] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6170] <... futex resumed>) = 0 [pid 6170] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6169] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6170] <... futex resumed>) = 0 [pid 6169] <... futex resumed>) = 1 [pid 6170] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6169] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6170] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6170] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6169] <... futex resumed>) = 0 [pid 6169] exit_group(0 [pid 6170] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6169] <... exit_group resumed>) = ? [pid 6171] <... futex resumed>) = ? [pid 6170] +++ exited with 0 +++ [pid 6171] +++ exited with 0 +++ [pid 6169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6169, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 187.176893][ T37] audit: type=1800 audit(1753855657.020:101): pid=6171 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=205 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6172 attached [pid 6172] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6172 [pid 6172] <... set_robust_list resumed>) = 0 [pid 6172] chdir("./102") = 0 [pid 6172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6172] setpgid(0, 0) = 0 [pid 6172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6172] write(3, "1000", 4) = 4 [pid 6172] close(3) = 0 [pid 6172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6172] write(1, "executing program\n", 18executing program ) = 18 [pid 6172] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6172] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6172] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6172] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6172] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6172] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6173 attached [pid 6173] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6172] <... clone3 resumed> => {parent_tid=[6173]}, 88) = 6173 [pid 6173] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6172] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6173] rt_sigprocmask(SIG_SETMASK, [], [pid 6172] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6172] <... futex resumed>) = 0 [pid 6173] memfd_create("syzkaller", 0 [pid 6172] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6173] <... memfd_create resumed>) = 3 [pid 6173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6173] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6173] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6173] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6173] close(3) = 0 [pid 6173] close(4) = 0 [pid 6173] mkdir("./file2", 0777) = 0 [pid 6173] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6173] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6173] chdir("./file2") = 0 [pid 6173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6173] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6172] <... futex resumed>) = 0 [pid 6173] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6172] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6173] <... openat resumed>) = 4 [pid 6173] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6173] <... futex resumed>) = 0 [pid 6172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6173] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6172] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6172] <... futex resumed>) = 0 [pid 6173] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 187.786301][ T6173] loop0: detected capacity change from 0 to 256 [ 187.819046][ T6173] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6172] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6172] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6172] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6172] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6172] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6174 attached [pid 6174] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6174] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6172] <... clone3 resumed> => {parent_tid=[6174]}, 88) = 6174 [pid 6174] <... set_robust_list resumed>) = 0 [pid 6172] rt_sigprocmask(SIG_SETMASK, [], [pid 6174] rt_sigprocmask(SIG_SETMASK, [], [pid 6172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6172] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6172] <... futex resumed>) = 0 [pid 6172] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6173] <... ioctl resumed>) = 0 [pid 6174] <... openat resumed>) = 5 [pid 6173] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6173] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6174] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6172] <... futex resumed>) = 0 [pid 6174] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6172] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... futex resumed>) = 0 [pid 6172] <... futex resumed>) = 1 [pid 6173] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6172] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6173] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6173] <... futex resumed>) = 0 [pid 6172] exit_group(0 [pid 6173] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6174] <... futex resumed>) = ? [pid 6172] <... exit_group resumed>) = ? [pid 6174] +++ exited with 0 +++ [pid 6173] <... futex resumed>) = ? [pid 6173] +++ exited with 0 +++ [pid 6172] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6172, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 188.006838][ T37] audit: type=1800 audit(1753855657.850:102): pid=6174 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=207 res=0 errno=0 newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6175 attached , child_tidptr=0x55555c67f690) = 6175 [pid 6175] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6175] chdir("./103") = 0 [pid 6175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6175] setpgid(0, 0) = 0 [pid 6175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6175] write(3, "1000", 4) = 4 [pid 6175] close(3) = 0 [pid 6175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6175] write(1, "executing program\n", 18executing program ) = 18 [pid 6175] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6175] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6175] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6175] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6175] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6176 attached [pid 6176] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6175] <... clone3 resumed> => {parent_tid=[6176]}, 88) = 6176 [pid 6176] set_robust_list(0x7f8a95e509a0, 24 [pid 6175] rt_sigprocmask(SIG_SETMASK, [], [pid 6176] <... set_robust_list resumed>) = 0 [pid 6175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6176] rt_sigprocmask(SIG_SETMASK, [], [pid 6175] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6175] <... futex resumed>) = 0 [pid 6176] memfd_create("syzkaller", 0 [pid 6175] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6176] <... memfd_create resumed>) = 3 [pid 6176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6176] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6176] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6176] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6176] close(3) = 0 [pid 6176] close(4) = 0 [pid 6176] mkdir("./file2", 0777) = 0 [pid 6176] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6176] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6176] chdir("./file2") = 0 [pid 6176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6176] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 188.585228][ T6176] loop0: detected capacity change from 0 to 256 [pid 6175] <... futex resumed>) = 0 [pid 6176] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6175] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6175] <... futex resumed>) = 1 [pid 6175] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6176] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6176] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6175] <... futex resumed>) = 0 [pid 6176] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6175] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6176] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6175] <... futex resumed>) = 1 [pid 6175] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6175] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 188.647549][ T6176] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6175] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6175] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6177 attached [pid 6177] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6175] <... clone3 resumed> => {parent_tid=[6177]}, 88) = 6177 [pid 6177] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6175] rt_sigprocmask(SIG_SETMASK, [], [pid 6177] <... set_robust_list resumed>) = 0 [pid 6175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6177] rt_sigprocmask(SIG_SETMASK, [], [pid 6175] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6177] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6175] <... futex resumed>) = 0 [pid 6175] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6176] <... ioctl resumed>) = 0 [pid 6177] <... openat resumed>) = 5 [pid 6176] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6177] <... futex resumed>) = 1 [pid 6176] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6175] <... futex resumed>) = 0 [pid 6177] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6175] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6175] <... futex resumed>) = 1 [pid 6176] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6175] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6176] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6175] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6176] <... futex resumed>) = 0 [pid 6175] exit_group(0 [pid 6177] <... futex resumed>) = ? [pid 6177] +++ exited with 0 +++ [pid 6175] <... exit_group resumed>) = ? [pid 6176] +++ exited with 0 +++ [pid 6175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6175, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 188.806768][ T37] audit: type=1800 audit(1753855658.650:103): pid=6177 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=209 res=0 errno=0 umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6178 attached [pid 6178] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6178 [pid 6178] <... set_robust_list resumed>) = 0 [pid 6178] chdir("./104") = 0 [pid 6178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6178] setpgid(0, 0) = 0 [pid 6178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6178] write(3, "1000", 4) = 4 [pid 6178] close(3) = 0 [pid 6178] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6178] write(1, "executing program\n", 18) = 18 [pid 6178] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6178] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6178] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6178] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6178] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6179 attached [pid 6179] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6178] <... clone3 resumed> => {parent_tid=[6179]}, 88) = 6179 [pid 6179] set_robust_list(0x7f8a95e509a0, 24 [pid 6178] rt_sigprocmask(SIG_SETMASK, [], [pid 6179] <... set_robust_list resumed>) = 0 [pid 6178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6179] rt_sigprocmask(SIG_SETMASK, [], [pid 6178] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6178] <... futex resumed>) = 0 [pid 6179] memfd_create("syzkaller", 0 [pid 6178] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6179] <... memfd_create resumed>) = 3 [pid 6179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6179] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6179] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6179] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6179] close(3) = 0 [pid 6179] close(4) = 0 [pid 6179] mkdir("./file2", 0777) = 0 [pid 6179] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6179] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6179] chdir("./file2") = 0 [ 189.301810][ T6179] loop0: detected capacity change from 0 to 256 [pid 6179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6179] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 0 [pid 6179] <... futex resumed>) = 1 [pid 6178] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6178] <... futex resumed>) = 0 [pid 6178] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6179] <... openat resumed>) = 4 [pid 6179] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 0 [pid 6178] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] <... futex resumed>) = 1 [pid 6178] <... futex resumed>) = 0 [pid 6179] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 189.340950][ T6179] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6178] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6178] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6178] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6178] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6180 attached [pid 6180] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6178] <... clone3 resumed> => {parent_tid=[6180]}, 88) = 6180 [pid 6180] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6178] rt_sigprocmask(SIG_SETMASK, [], [pid 6180] rt_sigprocmask(SIG_SETMASK, [], [pid 6178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6178] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6178] <... futex resumed>) = 0 [pid 6178] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6178] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6178] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6178] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6180] <... openat resumed>) = 5 [pid 6179] <... ioctl resumed>) = 0 [pid 6178] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6180] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6181 attached [pid 6180] <... futex resumed>) = 0 [pid 6179] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6180] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6179] <... futex resumed>) = 0 [pid 6181] <... rseq resumed>) = 0 [pid 6179] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6178] <... clone3 resumed> => {parent_tid=[6181]}, 88) = 6181 [pid 6181] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6178] rt_sigprocmask(SIG_SETMASK, [], [pid 6181] <... set_robust_list resumed>) = 0 [pid 6178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6178] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6178] <... futex resumed>) = 0 [pid 6181] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6178] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6181] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6178] exit_group(0) = ? [pid 6181] <... futex resumed>) = ? [pid 6180] <... futex resumed>) = ? [pid 6179] <... futex resumed>) = ? [pid 6180] +++ exited with 0 +++ [pid 6181] +++ exited with 0 +++ [pid 6179] +++ exited with 0 +++ [pid 6178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6178, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 189.546473][ T37] audit: type=1800 audit(1753855659.390:104): pid=6180 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=211 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6182 attached [pid 6182] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6182] chdir("./105" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6182 [pid 6182] <... chdir resumed>) = 0 [pid 6182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6182] setpgid(0, 0) = 0 [pid 6182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6182] write(3, "1000", 4) = 4 [pid 6182] close(3) = 0 [pid 6182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6182] write(1, "executing program\n", 18executing program ) = 18 [pid 6182] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6182] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6182] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6182] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6182] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6182] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6183 attached [pid 6183] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6182] <... clone3 resumed> => {parent_tid=[6183]}, 88) = 6183 [pid 6183] <... rseq resumed>) = 0 [pid 6182] rt_sigprocmask(SIG_SETMASK, [], [pid 6183] set_robust_list(0x7f8a95e509a0, 24 [pid 6182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6183] <... set_robust_list resumed>) = 0 [pid 6182] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] rt_sigprocmask(SIG_SETMASK, [], [pid 6182] <... futex resumed>) = 0 [pid 6183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6182] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6183] memfd_create("syzkaller", 0) = 3 [pid 6183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6183] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6183] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6183] close(3) = 0 [pid 6183] close(4) = 0 [pid 6183] mkdir("./file2", 0777) = 0 [pid 6183] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6183] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6183] chdir("./file2") = 0 [pid 6183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6183] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6182] <... futex resumed>) = 0 [pid 6183] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6182] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6182] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6183] <... openat resumed>) = 4 [pid 6183] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6182] <... futex resumed>) = 0 [pid 6182] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6183] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 190.118205][ T6183] loop0: detected capacity change from 0 to 256 [ 190.148486][ T6183] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6182] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6182] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6182] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6182] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6182] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6184 attached [pid 6184] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6182] <... clone3 resumed> => {parent_tid=[6184]}, 88) = 6184 [pid 6184] <... rseq resumed>) = 0 [pid 6182] rt_sigprocmask(SIG_SETMASK, [], [pid 6184] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6184] <... set_robust_list resumed>) = 0 [pid 6182] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] rt_sigprocmask(SIG_SETMASK, [], [pid 6182] <... futex resumed>) = 0 [pid 6184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6184] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6182] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6183] <... ioctl resumed>) = 0 [pid 6184] <... openat resumed>) = 5 [pid 6183] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] <... futex resumed>) = 0 [pid 6184] <... futex resumed>) = 1 [pid 6182] <... futex resumed>) = 0 [pid 6184] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6182] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6183] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6182] <... futex resumed>) = 0 [pid 6183] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6182] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6183] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6182] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6183] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6182] exit_group(0 [pid 6183] <... futex resumed>) = ? [pid 6182] <... exit_group resumed>) = ? [pid 6184] <... futex resumed>) = ? [pid 6183] +++ exited with 0 +++ [pid 6184] +++ exited with 0 +++ [pid 6182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6182, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 190.316653][ T37] audit: type=1800 audit(1753855660.160:105): pid=6184 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=213 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6185 attached , child_tidptr=0x55555c67f690) = 6185 [pid 6185] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6185] chdir("./106") = 0 [pid 6185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6185] setpgid(0, 0) = 0 [pid 6185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6185] write(3, "1000", 4) = 4 [pid 6185] close(3) = 0 [pid 6185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6185] write(1, "executing program\n", 18executing program ) = 18 [pid 6185] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6185] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6185] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6185] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6185] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6186 attached [pid 6186] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6185] <... clone3 resumed> => {parent_tid=[6186]}, 88) = 6186 [pid 6186] set_robust_list(0x7f8a95e509a0, 24 [pid 6185] rt_sigprocmask(SIG_SETMASK, [], [pid 6186] <... set_robust_list resumed>) = 0 [pid 6186] rt_sigprocmask(SIG_SETMASK, [], [pid 6185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6185] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6186] memfd_create("syzkaller", 0 [pid 6185] <... futex resumed>) = 0 [pid 6186] <... memfd_create resumed>) = 3 [pid 6185] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6186] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6186] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6186] close(3) = 0 [pid 6186] close(4) = 0 [pid 6186] mkdir("./file2", 0777) = 0 [pid 6186] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6186] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6186] chdir("./file2") = 0 [pid 6186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6186] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6185] <... futex resumed>) = 0 [pid 6186] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6185] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6185] <... futex resumed>) = 0 [pid 6186] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6185] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6186] <... openat resumed>) = 4 [pid 6186] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6185] <... futex resumed>) = 0 [pid 6186] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6185] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6186] <... futex resumed>) = 0 [pid 6185] <... futex resumed>) = 1 [pid 6186] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 190.763074][ T6186] loop0: detected capacity change from 0 to 256 [ 190.784385][ T6186] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6185] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6185] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6185] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6185] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6187 attached [pid 6187] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6185] <... clone3 resumed> => {parent_tid=[6187]}, 88) = 6187 [pid 6187] <... rseq resumed>) = 0 [pid 6187] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6185] rt_sigprocmask(SIG_SETMASK, [], [pid 6187] <... set_robust_list resumed>) = 0 [pid 6185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6187] rt_sigprocmask(SIG_SETMASK, [], [pid 6185] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6185] <... futex resumed>) = 0 [pid 6187] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6185] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6185] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6185] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6185] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6188 attached [pid 6186] <... ioctl resumed>) = 0 [pid 6187] <... openat resumed>) = 5 [pid 6185] <... clone3 resumed> => {parent_tid=[6188]}, 88) = 6188 [pid 6188] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6187] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6186] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6185] rt_sigprocmask(SIG_SETMASK, [], [pid 6188] <... rseq resumed>) = 0 [pid 6187] <... futex resumed>) = 0 [pid 6188] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6187] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] <... futex resumed>) = 0 [pid 6185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6188] <... set_robust_list resumed>) = 0 [pid 6188] rt_sigprocmask(SIG_SETMASK, [], [pid 6186] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6185] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6185] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6188] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6188] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6188] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6185] <... futex resumed>) = 0 [pid 6188] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6185] exit_group(0 [pid 6188] <... futex resumed>) = ? [pid 6187] <... futex resumed>) = ? [pid 6186] <... futex resumed>) = ? [pid 6188] +++ exited with 0 +++ [pid 6187] +++ exited with 0 +++ [pid 6186] +++ exited with 0 +++ [pid 6185] <... exit_group resumed>) = ? [pid 6185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6185, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 190.987502][ T37] audit: type=1800 audit(1753855660.830:106): pid=6187 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=215 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6189 attached , child_tidptr=0x55555c67f690) = 6189 [pid 6189] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6189] chdir("./107") = 0 [pid 6189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6189] setpgid(0, 0) = 0 [pid 6189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6189] write(3, "1000", 4) = 4 [pid 6189] close(3) = 0 [pid 6189] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6189] write(1, "executing program\n", 18) = 18 [pid 6189] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6189] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6189] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6190 attached [pid 6190] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6189] <... clone3 resumed> => {parent_tid=[6190]}, 88) = 6190 [pid 6190] set_robust_list(0x7f8a95e509a0, 24 [pid 6189] rt_sigprocmask(SIG_SETMASK, [], [pid 6190] <... set_robust_list resumed>) = 0 [pid 6189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6190] rt_sigprocmask(SIG_SETMASK, [], [pid 6189] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6189] <... futex resumed>) = 0 [pid 6190] memfd_create("syzkaller", 0 [pid 6189] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6190] <... memfd_create resumed>) = 3 [pid 6190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6190] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6190] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6190] close(3) = 0 [pid 6190] close(4) = 0 [pid 6190] mkdir("./file2", 0777) = 0 [pid 6190] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6190] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6190] chdir("./file2") = 0 [ 191.518152][ T6190] loop0: detected capacity change from 0 to 256 [pid 6190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6190] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6189] <... futex resumed>) = 0 [pid 6190] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6189] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] <... openat resumed>) = 4 [pid 6190] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 191.557646][ T6190] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6190] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6189] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6189] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6189] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6191 attached [pid 6191] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6191] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6189] <... clone3 resumed> => {parent_tid=[6191]}, 88) = 6191 [pid 6191] <... set_robust_list resumed>) = 0 [pid 6189] rt_sigprocmask(SIG_SETMASK, [], [pid 6191] rt_sigprocmask(SIG_SETMASK, [], [pid 6189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6189] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] <... ioctl resumed>) = 0 [pid 6191] <... openat resumed>) = 5 [pid 6190] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6191] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6190] <... futex resumed>) = 0 [pid 6189] <... futex resumed>) = 0 [pid 6190] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6189] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6190] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6189] <... futex resumed>) = 0 [pid 6189] exit_group(0 [pid 6190] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6191] <... futex resumed>) = ? [pid 6190] <... futex resumed>) = ? [pid 6189] <... exit_group resumed>) = ? [pid 6190] +++ exited with 0 +++ [pid 6191] +++ exited with 0 +++ [pid 6189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6189, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 191.726589][ T37] audit: type=1800 audit(1753855661.570:107): pid=6191 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=217 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6192 attached , child_tidptr=0x55555c67f690) = 6192 [pid 6192] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6192] chdir("./108") = 0 [pid 6192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6192] setpgid(0, 0) = 0 [pid 6192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6192] write(3, "1000", 4) = 4 [pid 6192] close(3) = 0 [pid 6192] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6192] write(1, "executing program\n", 18) = 18 [pid 6192] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6192] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6192] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6193 attached [pid 6193] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6192] <... clone3 resumed> => {parent_tid=[6193]}, 88) = 6193 [pid 6193] set_robust_list(0x7f8a95e509a0, 24 [pid 6192] rt_sigprocmask(SIG_SETMASK, [], [pid 6193] <... set_robust_list resumed>) = 0 [pid 6192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6193] rt_sigprocmask(SIG_SETMASK, [], [pid 6192] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6192] <... futex resumed>) = 0 [pid 6193] memfd_create("syzkaller", 0 [pid 6192] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6193] <... memfd_create resumed>) = 3 [pid 6193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6193] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6193] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6193] close(3) = 0 [pid 6193] close(4) = 0 [pid 6193] mkdir("./file2", 0777) = 0 [pid 6193] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6193] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6193] chdir("./file2") = 0 [pid 6193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6193] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6192] <... futex resumed>) = 0 [pid 6193] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6192] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6192] <... futex resumed>) = 0 [pid 6193] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6192] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] <... openat resumed>) = 4 [pid 6193] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6192] <... futex resumed>) = 0 [pid 6193] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6192] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] <... futex resumed>) = 0 [pid 6193] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6192] <... futex resumed>) = 1 [ 192.316096][ T6193] loop0: detected capacity change from 0 to 256 [ 192.347127][ T6193] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6192] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6192] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6192] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6194 attached => {parent_tid=[6194]}, 88) = 6194 [pid 6194] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6192] rt_sigprocmask(SIG_SETMASK, [], [pid 6194] <... rseq resumed>) = 0 [pid 6192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6194] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6192] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6194] rt_sigprocmask(SIG_SETMASK, [], [pid 6192] <... futex resumed>) = 0 [pid 6194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6194] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6192] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6192] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6192] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6194] <... openat resumed>) = 5 [pid 6193] <... ioctl resumed>) = 0 [pid 6192] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6194] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6194] <... futex resumed>) = 0 [pid 6192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6195 attached [pid 6194] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6192] <... clone3 resumed> => {parent_tid=[6195]}, 88) = 6195 [pid 6195] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6192] rt_sigprocmask(SIG_SETMASK, [], [pid 6195] <... set_robust_list resumed>) = 0 [pid 6195] rt_sigprocmask(SIG_SETMASK, [], [pid 6192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6192] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6192] <... futex resumed>) = 0 [pid 6195] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6192] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6195] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6193] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6193] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6192] exit_group(0 [pid 6195] <... futex resumed>) = ? [pid 6193] <... futex resumed>) = ? [pid 6192] <... exit_group resumed>) = ? [pid 6195] +++ exited with 0 +++ [pid 6194] <... futex resumed>) = ? [pid 6193] +++ exited with 0 +++ [pid 6194] +++ exited with 0 +++ [pid 6192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6192, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 192.516527][ T37] audit: type=1800 audit(1753855662.360:108): pid=6194 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=219 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6196 attached [pid 6196] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6196 [pid 6196] <... set_robust_list resumed>) = 0 [pid 6196] chdir("./109") = 0 [pid 6196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6196] setpgid(0, 0) = 0 [pid 6196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6196] write(3, "1000", 4) = 4 [pid 6196] close(3) = 0 [pid 6196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6196] write(1, "executing program\n", 18executing program ) = 18 [pid 6196] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6196] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6196] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6196] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6196] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6197 attached => {parent_tid=[6197]}, 88) = 6197 [pid 6197] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6196] rt_sigprocmask(SIG_SETMASK, [], [pid 6197] set_robust_list(0x7f8a95e509a0, 24 [pid 6196] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6197] <... set_robust_list resumed>) = 0 [pid 6196] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6197] rt_sigprocmask(SIG_SETMASK, [], [pid 6196] <... futex resumed>) = 0 [pid 6197] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6196] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6197] memfd_create("syzkaller", 0) = 3 [pid 6197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6197] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6197] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6197] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6197] close(3) = 0 [pid 6197] close(4) = 0 [pid 6197] mkdir("./file2", 0777) = 0 [pid 6197] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6197] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6197] chdir("./file2") = 0 [pid 6197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6197] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6196] <... futex resumed>) = 0 [pid 6197] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6196] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6196] <... futex resumed>) = 0 [pid 6197] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6196] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6197] <... openat resumed>) = 4 [pid 6197] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6196] <... futex resumed>) = 0 [pid 6197] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6196] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6196] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 192.998039][ T6197] loop0: detected capacity change from 0 to 256 [ 193.026071][ T6197] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6197] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6196] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6196] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6196] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6196] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6198 attached [pid 6198] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6196] <... clone3 resumed> => {parent_tid=[6198]}, 88) = 6198 [pid 6198] <... rseq resumed>) = 0 [pid 6198] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6196] rt_sigprocmask(SIG_SETMASK, [], [pid 6198] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6196] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6196] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6196] <... futex resumed>) = 0 [pid 6196] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] <... openat resumed>) = 5 [pid 6197] <... ioctl resumed>) = 0 [pid 6198] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6196] <... futex resumed>) = 0 [pid 6198] <... futex resumed>) = 1 [pid 6197] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6197] <... futex resumed>) = 0 [pid 6196] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6197] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6196] <... futex resumed>) = 0 [pid 6197] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6197] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6196] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6197] <... futex resumed>) = 0 [pid 6196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6197] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6196] exit_group(0 [pid 6198] <... futex resumed>) = ? [pid 6197] <... futex resumed>) = ? [pid 6198] +++ exited with 0 +++ [pid 6196] <... exit_group resumed>) = ? [pid 6197] +++ exited with 0 +++ [pid 6196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6196, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 [ 193.216453][ T37] audit: type=1800 audit(1753855663.060:109): pid=6198 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=221 res=0 errno=0 umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6199 attached , child_tidptr=0x55555c67f690) = 6199 [pid 6199] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6199] chdir("./110") = 0 [pid 6199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6199] setpgid(0, 0) = 0 [pid 6199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6199] write(3, "1000", 4) = 4 [pid 6199] close(3) = 0 [pid 6199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6199] write(1, "executing program\n", 18executing program ) = 18 [pid 6199] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6199] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6199] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6199] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6199] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6200 attached [pid 6200] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6199] <... clone3 resumed> => {parent_tid=[6200]}, 88) = 6200 [pid 6200] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6200] rt_sigprocmask(SIG_SETMASK, [], [pid 6199] rt_sigprocmask(SIG_SETMASK, [], [pid 6200] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6200] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6199] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6200] <... futex resumed>) = 0 [pid 6199] <... futex resumed>) = 1 [pid 6199] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6200] memfd_create("syzkaller", 0) = 3 [pid 6200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6200] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6200] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6200] close(3) = 0 [pid 6200] close(4) = 0 [pid 6200] mkdir("./file2", 0777) = 0 [pid 6200] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6200] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6200] chdir("./file2") = 0 [pid 6200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6200] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6199] <... futex resumed>) = 0 [pid 6200] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6199] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6199] <... futex resumed>) = 0 [pid 6200] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6199] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6200] <... openat resumed>) = 4 [pid 6200] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] <... futex resumed>) = 0 [pid 6200] <... futex resumed>) = 1 [pid 6200] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6199] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 193.771833][ T6200] loop0: detected capacity change from 0 to 256 [ 193.795119][ T6200] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6199] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6199] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6199] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6199] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6201 attached => {parent_tid=[6201]}, 88) = 6201 [pid 6201] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6199] rt_sigprocmask(SIG_SETMASK, [], [pid 6201] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6201] <... set_robust_list resumed>) = 0 [pid 6199] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] rt_sigprocmask(SIG_SETMASK, [], [pid 6199] <... futex resumed>) = 0 [pid 6201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6199] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6201] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6200] <... ioctl resumed>) = 0 [pid 6201] <... openat resumed>) = 5 [pid 6200] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6200] <... futex resumed>) = 0 [pid 6199] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6200] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6199] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6199] <... futex resumed>) = 0 [pid 6200] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6199] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6200] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6200] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6199] exit_group(0 [pid 6200] <... futex resumed>) = ? [pid 6199] <... exit_group resumed>) = ? [pid 6200] +++ exited with 0 +++ [pid 6201] <... futex resumed>) = ? [pid 6201] +++ exited with 0 +++ [pid 6199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6199, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 193.956748][ T37] audit: type=1800 audit(1753855663.800:110): pid=6201 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=223 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6202 attached , child_tidptr=0x55555c67f690) = 6202 [pid 6202] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6202] chdir("./111") = 0 [pid 6202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6202] setpgid(0, 0) = 0 [pid 6202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6202] write(3, "1000", 4) = 4 [pid 6202] close(3) = 0 [pid 6202] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6202] write(1, "executing program\n", 18) = 18 [pid 6202] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6202] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6202] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6202] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6202] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6203 attached [pid 6203] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6202] <... clone3 resumed> => {parent_tid=[6203]}, 88) = 6203 [pid 6203] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6203] rt_sigprocmask(SIG_SETMASK, [], [pid 6202] rt_sigprocmask(SIG_SETMASK, [], [pid 6203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6203] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6202] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6203] memfd_create("syzkaller", 0 [pid 6202] <... futex resumed>) = 0 [pid 6202] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6203] <... memfd_create resumed>) = 3 [pid 6203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6203] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6203] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6203] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6203] close(3) = 0 [pid 6203] close(4) = 0 [pid 6203] mkdir("./file2", 0777) = 0 [pid 6203] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6203] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6203] chdir("./file2") = 0 [pid 6203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6203] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6202] <... futex resumed>) = 0 [pid 6202] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6203] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6202] <... futex resumed>) = 0 [pid 6202] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6203] <... openat resumed>) = 4 [pid 6203] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6202] <... futex resumed>) = 0 [pid 6202] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6203] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 194.517485][ T6203] loop0: detected capacity change from 0 to 256 [ 194.543873][ T6203] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6202] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6202] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6202] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6202] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6204 attached [pid 6204] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6204] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6202] <... clone3 resumed> => {parent_tid=[6204]}, 88) = 6204 [pid 6204] <... set_robust_list resumed>) = 0 [pid 6202] rt_sigprocmask(SIG_SETMASK, [], [pid 6204] rt_sigprocmask(SIG_SETMASK, [], [pid 6202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6202] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6202] <... futex resumed>) = 0 [pid 6202] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6203] <... ioctl resumed>) = 0 [pid 6204] <... openat resumed>) = 5 [pid 6203] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6202] <... futex resumed>) = 0 [pid 6204] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6203] <... futex resumed>) = 0 [pid 6202] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6203] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6202] <... futex resumed>) = 0 [pid 6203] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6202] exit_group(0 [pid 6204] <... futex resumed>) = ? [pid 6202] <... exit_group resumed>) = ? [pid 6204] +++ exited with 0 +++ [pid 6203] <... futex resumed>) = ? [pid 6203] +++ exited with 0 +++ [pid 6202] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6202, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 194.726655][ T37] audit: type=1800 audit(1753855664.570:111): pid=6204 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=225 res=0 errno=0 umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6205 attached , child_tidptr=0x55555c67f690) = 6205 [pid 6205] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6205] chdir("./112") = 0 [pid 6205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6205] setpgid(0, 0) = 0 [pid 6205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6205] write(3, "1000", 4) = 4 [pid 6205] close(3) = 0 [pid 6205] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6205] write(1, "executing program\n", 18) = 18 [pid 6205] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6205] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6205] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6205] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6206 attached [pid 6206] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6205] <... clone3 resumed> => {parent_tid=[6206]}, 88) = 6206 [pid 6206] <... rseq resumed>) = 0 [pid 6205] rt_sigprocmask(SIG_SETMASK, [], [pid 6206] set_robust_list(0x7f8a95e509a0, 24 [pid 6205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6206] <... set_robust_list resumed>) = 0 [pid 6206] rt_sigprocmask(SIG_SETMASK, [], [pid 6205] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6205] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6206] memfd_create("syzkaller", 0) = 3 [pid 6206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6206] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6206] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6206] close(3) = 0 [pid 6206] close(4) = 0 [pid 6206] mkdir("./file2", 0777) = 0 [pid 6206] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6206] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6206] chdir("./file2") = 0 [pid 6206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6206] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6205] <... futex resumed>) = 0 [pid 6205] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6205] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6206] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6205] <... futex resumed>) = 0 [pid 6206] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6205] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 195.252491][ T6206] loop0: detected capacity change from 0 to 256 [pid 6205] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 195.290274][ T6206] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6205] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6205] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6207 attached [pid 6207] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6205] <... clone3 resumed> => {parent_tid=[6207]}, 88) = 6207 [pid 6207] <... rseq resumed>) = 0 [pid 6207] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6205] rt_sigprocmask(SIG_SETMASK, [], [pid 6207] <... set_robust_list resumed>) = 0 [pid 6205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6207] rt_sigprocmask(SIG_SETMASK, [], [pid 6205] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6207] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6205] <... futex resumed>) = 0 [pid 6207] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6205] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] <... ioctl resumed>) = 0 [pid 6206] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6206] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] <... openat resumed>) = 5 [pid 6207] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6205] <... futex resumed>) = 0 [pid 6207] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6205] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] <... futex resumed>) = 0 [pid 6205] <... futex resumed>) = 1 [pid 6206] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6205] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6206] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6206] <... futex resumed>) = 0 [pid 6205] exit_group(0 [pid 6206] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6205] <... exit_group resumed>) = ? [pid 6207] <... futex resumed>) = ? [pid 6206] <... futex resumed>) = ? [pid 6207] +++ exited with 0 +++ [pid 6206] +++ exited with 0 +++ [pid 6205] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6205, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 195.439436][ T37] audit: type=1800 audit(1753855665.280:112): pid=6207 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=227 res=0 errno=0 umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6208 attached , child_tidptr=0x55555c67f690) = 6208 [pid 6208] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6208] chdir("./113") = 0 [pid 6208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6208] setpgid(0, 0) = 0 [pid 6208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6208] write(3, "1000", 4) = 4 [pid 6208] close(3) = 0 [pid 6208] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6208] write(1, "executing program\n", 18) = 18 [pid 6208] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6208] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6208] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6208] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6208] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6209 attached => {parent_tid=[6209]}, 88) = 6209 [pid 6209] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6208] rt_sigprocmask(SIG_SETMASK, [], [pid 6209] set_robust_list(0x7f8a95e509a0, 24 [pid 6208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6209] <... set_robust_list resumed>) = 0 [pid 6209] rt_sigprocmask(SIG_SETMASK, [], [pid 6208] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6208] <... futex resumed>) = 0 [pid 6208] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6209] memfd_create("syzkaller", 0) = 3 [pid 6209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6209] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6209] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6209] close(3) = 0 [pid 6209] close(4) = 0 [pid 6209] mkdir("./file2", 0777) = 0 [pid 6209] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6209] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6209] chdir("./file2") = 0 [pid 6209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6209] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] <... futex resumed>) = 0 [pid 6208] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6209] <... futex resumed>) = 1 [pid 6209] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6208] <... futex resumed>) = 0 [pid 6208] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6209] <... openat resumed>) = 4 [pid 6209] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6208] <... futex resumed>) = 0 [pid 6209] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6208] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 195.988743][ T6209] loop0: detected capacity change from 0 to 256 [ 196.018589][ T6209] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6208] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6208] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6208] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6208] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6210 attached [pid 6210] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6208] <... clone3 resumed> => {parent_tid=[6210]}, 88) = 6210 [pid 6210] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6208] rt_sigprocmask(SIG_SETMASK, [], [pid 6210] <... set_robust_list resumed>) = 0 [pid 6208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6210] rt_sigprocmask(SIG_SETMASK, [], [pid 6208] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6208] <... futex resumed>) = 0 [pid 6210] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6208] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6209] <... ioctl resumed>) = 0 [pid 6210] <... openat resumed>) = 5 [pid 6209] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6208] <... futex resumed>) = 0 [pid 6209] <... futex resumed>) = 0 [pid 6210] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6209] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6208] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6209] <... futex resumed>) = 0 [pid 6208] <... futex resumed>) = 1 [pid 6209] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6208] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6209] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6209] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6209] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6208] <... futex resumed>) = 0 [pid 6208] exit_group(0) = ? [pid 6210] <... futex resumed>) = ? [pid 6209] <... futex resumed>) = ? [pid 6210] +++ exited with 0 +++ [pid 6209] +++ exited with 0 +++ [pid 6208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6208, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 196.196513][ T37] audit: type=1800 audit(1753855666.040:113): pid=6210 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=229 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6211 attached [pid 6211] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6211 [pid 6211] <... set_robust_list resumed>) = 0 [pid 6211] chdir("./114") = 0 [pid 6211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6211] setpgid(0, 0) = 0 [pid 6211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6211] write(3, "1000", 4) = 4 [pid 6211] close(3) = 0 [pid 6211] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6211] write(1, "executing program\n", 18) = 18 [pid 6211] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6211] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6211] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6211] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6212 attached [pid 6212] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6211] <... clone3 resumed> => {parent_tid=[6212]}, 88) = 6212 [pid 6212] <... rseq resumed>) = 0 [pid 6212] set_robust_list(0x7f8a95e509a0, 24 [pid 6211] rt_sigprocmask(SIG_SETMASK, [], [pid 6212] <... set_robust_list resumed>) = 0 [pid 6211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6212] rt_sigprocmask(SIG_SETMASK, [], [pid 6211] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6211] <... futex resumed>) = 0 [pid 6212] memfd_create("syzkaller", 0 [pid 6211] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6212] <... memfd_create resumed>) = 3 [pid 6212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6212] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6212] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6212] close(3) = 0 [pid 6212] close(4) = 0 [pid 6212] mkdir("./file2", 0777) = 0 [pid 6212] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6212] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6212] chdir("./file2") = 0 [pid 6212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6212] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6211] <... futex resumed>) = 0 [pid 6211] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6212] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6211] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6212] <... openat resumed>) = 4 [ 196.754141][ T6212] loop0: detected capacity change from 0 to 256 [pid 6212] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6211] <... futex resumed>) = 0 [pid 6212] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6211] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6211] <... futex resumed>) = 0 [pid 6212] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6211] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 196.795460][ T6212] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6211] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6211] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6213 attached [pid 6213] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6211] <... clone3 resumed> => {parent_tid=[6213]}, 88) = 6213 [pid 6213] <... rseq resumed>) = 0 [pid 6211] rt_sigprocmask(SIG_SETMASK, [], [pid 6213] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6213] <... set_robust_list resumed>) = 0 [pid 6211] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6213] rt_sigprocmask(SIG_SETMASK, [], [pid 6211] <... futex resumed>) = 0 [pid 6213] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6211] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6213] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6211] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6211] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6211] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6211] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6213] <... openat resumed>) = 5 [pid 6212] <... ioctl resumed>) = 0 [pid 6212] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6213] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6212] <... futex resumed>) = 0 [pid 6211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6214 attached [pid 6213] <... futex resumed>) = 0 [pid 6212] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6213] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6214] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6214] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6211] <... clone3 resumed> => {parent_tid=[6214]}, 88) = 6214 [pid 6214] <... set_robust_list resumed>) = 0 [pid 6211] rt_sigprocmask(SIG_SETMASK, [], [pid 6214] rt_sigprocmask(SIG_SETMASK, [], [pid 6211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6211] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6211] <... futex resumed>) = 0 [pid 6214] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6211] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6214] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6214] <... futex resumed>) = 0 [pid 6211] exit_group(0 [pid 6214] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6211] <... exit_group resumed>) = ? [pid 6214] <... futex resumed>) = ? [pid 6213] <... futex resumed>) = ? [pid 6212] <... futex resumed>) = ? [pid 6214] +++ exited with 0 +++ [pid 6213] +++ exited with 0 +++ [pid 6212] +++ exited with 0 +++ [pid 6211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6211, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 196.996528][ T37] audit: type=1800 audit(1753855666.840:114): pid=6213 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=231 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6215 attached , child_tidptr=0x55555c67f690) = 6215 [pid 6215] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6215] chdir("./115") = 0 [pid 6215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6215] setpgid(0, 0) = 0 [pid 6215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6215] write(3, "1000", 4) = 4 [pid 6215] close(3) = 0 [pid 6215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6215] write(1, "executing program\n", 18executing program ) = 18 [pid 6215] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6215] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6215] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6215] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6215] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6216 attached [pid 6216] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6216] set_robust_list(0x7f8a95e509a0, 24 [pid 6215] <... clone3 resumed> => {parent_tid=[6216]}, 88) = 6216 [pid 6216] <... set_robust_list resumed>) = 0 [pid 6215] rt_sigprocmask(SIG_SETMASK, [], [pid 6216] rt_sigprocmask(SIG_SETMASK, [], [pid 6215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6215] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] memfd_create("syzkaller", 0 [pid 6215] <... futex resumed>) = 0 [pid 6216] <... memfd_create resumed>) = 3 [pid 6215] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6216] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6216] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6216] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6216] close(3) = 0 [pid 6216] close(4) = 0 [pid 6216] mkdir("./file2", 0777) = 0 [pid 6216] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [ 197.451893][ T6216] loop0: detected capacity change from 0 to 256 [pid 6216] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6216] chdir("./file2") = 0 [pid 6216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6216] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] <... futex resumed>) = 0 [pid 6216] <... futex resumed>) = 1 [pid 6215] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6215] <... futex resumed>) = 0 [pid 6215] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6216] <... openat resumed>) = 4 [pid 6216] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] <... futex resumed>) = 0 [pid 6216] <... futex resumed>) = 1 [pid 6215] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6215] <... futex resumed>) = 0 [ 197.492432][ T6216] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6215] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6215] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6215] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6215] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6217 attached [pid 6217] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6217] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6215] <... clone3 resumed> => {parent_tid=[6217]}, 88) = 6217 [pid 6217] <... set_robust_list resumed>) = 0 [pid 6217] rt_sigprocmask(SIG_SETMASK, [], [pid 6215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6215] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6215] <... futex resumed>) = 0 [pid 6215] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6216] <... ioctl resumed>) = 0 [pid 6217] <... openat resumed>) = 5 [pid 6216] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] <... futex resumed>) = 0 [pid 6216] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6217] <... futex resumed>) = 1 [pid 6215] <... futex resumed>) = 0 [pid 6215] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] <... futex resumed>) = 0 [pid 6215] <... futex resumed>) = 1 [pid 6216] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6215] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6216] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6216] <... futex resumed>) = 0 [pid 6215] exit_group(0 [pid 6216] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6215] <... exit_group resumed>) = ? [pid 6216] +++ exited with 0 +++ [pid 6217] +++ exited with 0 +++ [pid 6215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6215, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 197.666789][ T37] audit: type=1800 audit(1753855667.510:115): pid=6217 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=233 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6218 attached , child_tidptr=0x55555c67f690) = 6218 [pid 6218] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6218] chdir("./116") = 0 [pid 6218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6218] setpgid(0, 0) = 0 [pid 6218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6218] write(3, "1000", 4) = 4 [pid 6218] close(3) = 0 [pid 6218] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6218] write(1, "executing program\n", 18) = 18 [pid 6218] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6218] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6218] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6218] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6218] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6219 attached [pid 6219] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6218] <... clone3 resumed> => {parent_tid=[6219]}, 88) = 6219 [pid 6218] rt_sigprocmask(SIG_SETMASK, [], [pid 6219] set_robust_list(0x7f8a95e509a0, 24 [pid 6218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6219] <... set_robust_list resumed>) = 0 [pid 6218] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] rt_sigprocmask(SIG_SETMASK, [], [pid 6218] <... futex resumed>) = 0 [pid 6219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6218] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6219] memfd_create("syzkaller", 0) = 3 [pid 6219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6219] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6219] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6219] close(3) = 0 [pid 6219] close(4) = 0 [pid 6219] mkdir("./file2", 0777) = 0 [pid 6219] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6219] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6219] chdir("./file2") = 0 [pid 6219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6219] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6218] <... futex resumed>) = 0 [pid 6219] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6218] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6218] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6219] <... openat resumed>) = 4 [pid 6219] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6218] <... futex resumed>) = 0 [pid 6219] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6218] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6218] <... futex resumed>) = 0 [pid 6219] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 198.124633][ T6219] loop0: detected capacity change from 0 to 256 [ 198.145574][ T6219] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6218] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6218] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6218] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6218] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6220 attached [pid 6220] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6218] <... clone3 resumed> => {parent_tid=[6220]}, 88) = 6220 [pid 6220] <... rseq resumed>) = 0 [pid 6218] rt_sigprocmask(SIG_SETMASK, [], [pid 6220] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6220] <... set_robust_list resumed>) = 0 [pid 6218] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] rt_sigprocmask(SIG_SETMASK, [], [pid 6218] <... futex resumed>) = 0 [pid 6220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6218] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6219] <... ioctl resumed>) = 0 [pid 6220] <... openat resumed>) = 5 [pid 6220] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] <... futex resumed>) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6220] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6218] <... futex resumed>) = 0 [pid 6218] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6218] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6219] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6219] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6218] <... futex resumed>) = 0 [pid 6219] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6218] exit_group(0 [pid 6220] <... futex resumed>) = ? [pid 6219] <... futex resumed>) = ? [pid 6218] <... exit_group resumed>) = ? [pid 6220] +++ exited with 0 +++ [pid 6219] +++ exited with 0 +++ [pid 6218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6218, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 198.326835][ T37] audit: type=1800 audit(1753855668.170:116): pid=6220 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=235 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6221 attached , child_tidptr=0x55555c67f690) = 6221 [pid 6221] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6221] chdir("./117") = 0 [pid 6221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6221] setpgid(0, 0) = 0 [pid 6221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6221] write(3, "1000", 4) = 4 [pid 6221] close(3) = 0 [pid 6221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6221] write(1, "executing program\n", 18executing program ) = 18 [pid 6221] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6221] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6221] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6222 attached [pid 6222] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6221] <... clone3 resumed> => {parent_tid=[6222]}, 88) = 6222 [pid 6222] <... rseq resumed>) = 0 [pid 6221] rt_sigprocmask(SIG_SETMASK, [], [pid 6222] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6222] rt_sigprocmask(SIG_SETMASK, [], [pid 6221] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6221] <... futex resumed>) = 0 [pid 6222] memfd_create("syzkaller", 0 [pid 6221] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6222] <... memfd_create resumed>) = 3 [pid 6222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6222] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6222] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6222] close(3) = 0 [pid 6222] close(4) = 0 [pid 6222] mkdir("./file2", 0777) = 0 [pid 6222] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6222] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6222] chdir("./file2") = 0 [pid 6222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6222] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6221] <... futex resumed>) = 0 [pid 6222] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6221] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6221] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6222] <... futex resumed>) = 0 [pid 6222] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6222] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6221] <... futex resumed>) = 0 [pid 6222] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6221] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6221] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6222] <... futex resumed>) = 0 [ 198.847329][ T6222] loop0: detected capacity change from 0 to 256 [ 198.881046][ T6222] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6222] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6221] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6221] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6221] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6223 attached [pid 6223] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6223] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6221] <... clone3 resumed> => {parent_tid=[6223]}, 88) = 6223 [pid 6223] <... set_robust_list resumed>) = 0 [pid 6221] rt_sigprocmask(SIG_SETMASK, [], [pid 6223] rt_sigprocmask(SIG_SETMASK, [], [pid 6221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6221] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6223] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6221] <... futex resumed>) = 0 [pid 6221] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6221] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6221] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 6223] <... openat resumed>) = 5 [pid 6222] <... ioctl resumed>) = 0 [pid 6223] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6223] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6221] <... mprotect resumed>) = 0 [pid 6221] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6222] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6221] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6222] <... futex resumed>) = 0 [pid 6221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0} [pid 6222] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6224 attached [pid 6224] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6224] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 6224] rt_sigprocmask(SIG_SETMASK, [], [pid 6221] <... clone3 resumed> => {parent_tid=[6224]}, 88) = 6224 [pid 6224] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6221] rt_sigprocmask(SIG_SETMASK, [], [pid 6224] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6221] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6224] <... futex resumed>) = 0 [pid 6221] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6224] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6224] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6221] <... futex resumed>) = 0 [pid 6224] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6221] exit_group(0 [pid 6223] <... futex resumed>) = ? [pid 6222] <... futex resumed>) = ? [pid 6224] <... futex resumed>) = ? [pid 6223] +++ exited with 0 +++ [pid 6222] +++ exited with 0 +++ [pid 6224] +++ exited with 0 +++ [pid 6221] <... exit_group resumed>) = ? [pid 6221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6221, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 199.096344][ T37] audit: type=1800 audit(1753855668.940:117): pid=6223 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=237 res=0 errno=0 umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6225 attached [pid 6225] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6225] chdir("./118") = 0 [pid 6225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6225] setpgid(0, 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6225 [pid 6225] <... setpgid resumed>) = 0 [pid 6225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6225] write(3, "1000", 4) = 4 [pid 6225] close(3) = 0 [pid 6225] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6225] write(1, "executing program\n", 18) = 18 [pid 6225] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6225] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6225] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6225] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6225] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6226 attached [pid 6226] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6226] set_robust_list(0x7f8a95e509a0, 24 [pid 6225] <... clone3 resumed> => {parent_tid=[6226]}, 88) = 6226 [pid 6226] <... set_robust_list resumed>) = 0 [pid 6225] rt_sigprocmask(SIG_SETMASK, [], [pid 6226] rt_sigprocmask(SIG_SETMASK, [], [pid 6225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6225] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6226] memfd_create("syzkaller", 0 [pid 6225] <... futex resumed>) = 0 [pid 6226] <... memfd_create resumed>) = 3 [pid 6225] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6226] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6226] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6226] close(3) = 0 [pid 6226] close(4) = 0 [pid 6226] mkdir("./file2", 0777) = 0 [pid 6226] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6226] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6226] chdir("./file2") = 0 [pid 6226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6226] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6225] <... futex resumed>) = 0 [pid 6226] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6225] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6225] <... futex resumed>) = 0 [pid 6226] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6225] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6226] <... openat resumed>) = 4 [pid 6226] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6225] <... futex resumed>) = 0 [pid 6226] <... futex resumed>) = 1 [pid 6225] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6226] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6225] <... futex resumed>) = 0 [ 199.678676][ T6226] loop0: detected capacity change from 0 to 256 [ 199.709360][ T6226] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6225] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6225] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6225] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6225] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6227 attached [pid 6227] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6225] <... clone3 resumed> => {parent_tid=[6227]}, 88) = 6227 [pid 6227] <... rseq resumed>) = 0 [pid 6225] rt_sigprocmask(SIG_SETMASK, [], [pid 6227] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6227] <... set_robust_list resumed>) = 0 [pid 6225] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6225] <... futex resumed>) = 0 [pid 6227] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6225] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6226] <... ioctl resumed>) = 0 [pid 6227] <... openat resumed>) = 5 [pid 6226] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6227] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6226] <... futex resumed>) = 0 [pid 6225] <... futex resumed>) = 0 [pid 6227] <... futex resumed>) = 1 [pid 6226] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6225] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6227] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6225] <... futex resumed>) = 0 [pid 6226] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6225] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6226] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6226] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6226] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6225] <... futex resumed>) = 0 [pid 6225] exit_group(0 [pid 6227] <... futex resumed>) = ? [pid 6225] <... exit_group resumed>) = ? [pid 6227] +++ exited with 0 +++ [pid 6226] <... futex resumed>) = ? [pid 6226] +++ exited with 0 +++ [pid 6225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6225, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 199.886612][ T37] audit: type=1800 audit(1753855669.730:118): pid=6227 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=239 res=0 errno=0 newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6228 attached , child_tidptr=0x55555c67f690) = 6228 [pid 6228] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6228] chdir("./119") = 0 [pid 6228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6228] setpgid(0, 0) = 0 [pid 6228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6228] write(3, "1000", 4) = 4 [pid 6228] close(3) = 0 [pid 6228] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6228] write(1, "executing program\n", 18) = 18 [pid 6228] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6228] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6228] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6229 attached [pid 6229] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6228] <... clone3 resumed> => {parent_tid=[6229]}, 88) = 6229 [pid 6229] <... rseq resumed>) = 0 [pid 6228] rt_sigprocmask(SIG_SETMASK, [], [pid 6229] set_robust_list(0x7f8a95e509a0, 24 [pid 6228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6229] <... set_robust_list resumed>) = 0 [pid 6229] rt_sigprocmask(SIG_SETMASK, [], [pid 6228] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6228] <... futex resumed>) = 0 [pid 6229] memfd_create("syzkaller", 0 [pid 6228] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6229] <... memfd_create resumed>) = 3 [pid 6229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6229] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6229] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6229] close(3) = 0 [pid 6229] close(4) = 0 [pid 6229] mkdir("./file2", 0777) = 0 [pid 6229] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6229] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6229] chdir("./file2") = 0 [pid 6229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6229] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [pid 6229] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6229] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6228] <... futex resumed>) = 0 [pid 6228] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] <... openat resumed>) = 4 [pid 6229] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 0 [pid 6229] <... futex resumed>) = 1 [pid 6228] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6228] <... futex resumed>) = 0 [ 200.456938][ T6229] loop0: detected capacity change from 0 to 256 [ 200.502098][ T6229] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6228] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6228] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6228] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6228] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6230 attached [pid 6230] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6230] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6228] <... clone3 resumed> => {parent_tid=[6230]}, 88) = 6230 [pid 6230] <... set_robust_list resumed>) = 0 [pid 6228] rt_sigprocmask(SIG_SETMASK, [], [pid 6230] rt_sigprocmask(SIG_SETMASK, [], [pid 6228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6228] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6228] <... futex resumed>) = 0 [pid 6228] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6228] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] <... openat resumed>) = 5 [pid 6229] <... ioctl resumed>) = 0 [pid 6230] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6230] <... futex resumed>) = 0 [pid 6229] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... mmap resumed>) = 0x7f8a95dee000 [pid 6230] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6228] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6229] <... futex resumed>) = 0 [pid 6228] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0} [pid 6229] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6231 attached [pid 6231] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6231] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6228] <... clone3 resumed> => {parent_tid=[6231]}, 88) = 6231 [pid 6231] <... set_robust_list resumed>) = 0 [pid 6228] rt_sigprocmask(SIG_SETMASK, [], [pid 6231] rt_sigprocmask(SIG_SETMASK, [], [pid 6228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6228] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6231] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6228] <... futex resumed>) = 0 [pid 6231] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6228] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6231] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6231] <... futex resumed>) = 0 [pid 6228] exit_group(0 [pid 6231] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6230] <... futex resumed>) = ? [pid 6229] <... futex resumed>) = ? [pid 6228] <... exit_group resumed>) = ? [pid 6231] +++ exited with 0 +++ [pid 6230] +++ exited with 0 +++ [pid 6229] +++ exited with 0 +++ [pid 6228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6228, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 200.676546][ T37] audit: type=1800 audit(1753855670.520:119): pid=6230 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=241 res=0 errno=0 newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6232 ./strace-static-x86_64: Process 6232 attached [pid 6232] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6232] chdir("./120") = 0 [pid 6232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6232] setpgid(0, 0) = 0 [pid 6232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6232] write(3, "1000", 4) = 4 [pid 6232] close(3) = 0 [pid 6232] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6232] write(1, "executing program\n", 18) = 18 [pid 6232] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6232] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6232] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6232] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6232] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6232] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0} => {parent_tid=[6233]}, 88) = 6233 [pid 6232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6232] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6233 attached ) = 0 [pid 6232] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6233] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6233] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6233] memfd_create("syzkaller", 0) = 3 [pid 6233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6233] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6233] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6233] close(3) = 0 [pid 6233] close(4) = 0 [pid 6233] mkdir("./file2", 0777) = 0 [pid 6233] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6233] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6233] chdir("./file2") = 0 [pid 6233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6233] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6232] <... futex resumed>) = 0 [pid 6232] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... futex resumed>) = 0 [pid 6232] <... futex resumed>) = 1 [pid 6233] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6232] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] <... openat resumed>) = 4 [pid 6233] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6232] <... futex resumed>) = 0 [pid 6232] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6232] <... futex resumed>) = 0 [ 201.108028][ T6233] loop0: detected capacity change from 0 to 256 [ 201.138530][ T6233] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6232] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6232] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6232] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6232] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6232] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6234 attached [pid 6234] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6234] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6232] <... clone3 resumed> => {parent_tid=[6234]}, 88) = 6234 [pid 6234] <... set_robust_list resumed>) = 0 [pid 6232] rt_sigprocmask(SIG_SETMASK, [], [pid 6234] rt_sigprocmask(SIG_SETMASK, [], [pid 6232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6232] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6232] <... futex resumed>) = 0 [pid 6232] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] <... ioctl resumed>) = 0 [pid 6233] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... openat resumed>) = 5 [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6234] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6234] <... futex resumed>) = 0 [pid 6234] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6232] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6232] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6233] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6232] <... futex resumed>) = 0 [pid 6233] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6232] exit_group(0 [pid 6234] <... futex resumed>) = ? [pid 6233] <... futex resumed>) = ? [pid 6232] <... exit_group resumed>) = ? [pid 6234] +++ exited with 0 +++ [pid 6233] +++ exited with 0 +++ [pid 6232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6232, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 201.306584][ T37] audit: type=1800 audit(1753855671.150:120): pid=6234 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=243 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6235 attached , child_tidptr=0x55555c67f690) = 6235 [pid 6235] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6235] chdir("./121") = 0 [pid 6235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6235] setpgid(0, 0) = 0 [pid 6235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6235] write(3, "1000", 4) = 4 [pid 6235] close(3) = 0 [pid 6235] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6235] write(1, "executing program\n", 18) = 18 [pid 6235] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6235] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6235] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6235] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6236 attached [pid 6236] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6235] <... clone3 resumed> => {parent_tid=[6236]}, 88) = 6236 [pid 6236] <... rseq resumed>) = 0 [pid 6236] set_robust_list(0x7f8a95e509a0, 24 [pid 6235] rt_sigprocmask(SIG_SETMASK, [], [pid 6236] <... set_robust_list resumed>) = 0 [pid 6235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6236] rt_sigprocmask(SIG_SETMASK, [], [pid 6235] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6235] <... futex resumed>) = 0 [pid 6236] memfd_create("syzkaller", 0 [pid 6235] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6236] <... memfd_create resumed>) = 3 [pid 6236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6236] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6236] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6236] close(3) = 0 [pid 6236] close(4) = 0 [pid 6236] mkdir("./file2", 0777) = 0 [pid 6236] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6236] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 201.850803][ T6236] loop0: detected capacity change from 0 to 256 [pid 6236] chdir("./file2") = 0 [pid 6236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6236] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6235] <... futex resumed>) = 0 [pid 6236] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6235] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6235] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6236] <... openat resumed>) = 4 [pid 6236] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6235] <... futex resumed>) = 0 [pid 6236] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6235] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6236] <... futex resumed>) = 0 [pid 6235] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 201.888560][ T6236] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6236] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6235] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6235] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6235] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6237 attached [pid 6237] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6235] <... clone3 resumed> => {parent_tid=[6237]}, 88) = 6237 [pid 6237] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6235] rt_sigprocmask(SIG_SETMASK, [], [pid 6237] <... set_robust_list resumed>) = 0 [pid 6235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6237] rt_sigprocmask(SIG_SETMASK, [], [pid 6235] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6235] <... futex resumed>) = 0 [pid 6237] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6235] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6235] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6235] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6238 attached => {parent_tid=[6238]}, 88) = 6238 [pid 6238] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6235] rt_sigprocmask(SIG_SETMASK, [], [pid 6238] <... rseq resumed>) = 0 [pid 6238] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6238] <... set_robust_list resumed>) = 0 [pid 6235] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6235] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6238] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EBADF (Bad file descriptor) [pid 6238] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6235] <... futex resumed>) = 0 [pid 6238] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6236] <... ioctl resumed>) = 0 [pid 6236] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6237] <... openat resumed>) = 5 [pid 6236] <... futex resumed>) = 0 [pid 6236] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6237] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6235] exit_group(0 [pid 6238] <... futex resumed>) = ? [pid 6237] <... futex resumed>) = ? [pid 6235] <... exit_group resumed>) = ? [pid 6238] +++ exited with 0 +++ [pid 6237] +++ exited with 0 +++ [pid 6236] <... futex resumed>) = ? [pid 6236] +++ exited with 0 +++ [pid 6235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6235, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 202.176434][ T37] audit: type=1800 audit(1753855672.020:121): pid=6237 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=245 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6239 attached [pid 6239] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6239] chdir("./122") = 0 [pid 6239] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6239 [pid 6239] <... prctl resumed>) = 0 [pid 6239] setpgid(0, 0) = 0 [pid 6239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6239] write(3, "1000", 4) = 4 [pid 6239] close(3) = 0 [pid 6239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6239] write(1, "executing program\n", 18executing program ) = 18 [pid 6239] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6239] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6239] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6240 attached [pid 6240] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6240] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6239] <... clone3 resumed> => {parent_tid=[6240]}, 88) = 6240 [pid 6240] rt_sigprocmask(SIG_SETMASK, [], [pid 6239] rt_sigprocmask(SIG_SETMASK, [], [pid 6240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6240] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6240] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6239] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] memfd_create("syzkaller", 0 [pid 6239] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6240] <... memfd_create resumed>) = 3 [pid 6240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6240] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6240] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6240] close(3) = 0 [pid 6240] close(4) = 0 [pid 6240] mkdir("./file2", 0777) = 0 [pid 6240] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6240] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6240] chdir("./file2") = 0 [pid 6240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6240] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6239] <... futex resumed>) = 0 [pid 6240] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6239] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... futex resumed>) = 0 [pid 6239] <... futex resumed>) = 1 [pid 6240] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6239] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6240] <... openat resumed>) = 4 [pid 6240] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6239] <... futex resumed>) = 0 [pid 6240] <... futex resumed>) = 1 [pid 6239] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6239] <... futex resumed>) = 0 [ 202.764156][ T6240] loop0: detected capacity change from 0 to 256 [ 202.795275][ T6240] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6239] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6239] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6239] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6241 attached => {parent_tid=[6241]}, 88) = 6241 [pid 6241] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6239] rt_sigprocmask(SIG_SETMASK, [], [pid 6241] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6241] rt_sigprocmask(SIG_SETMASK, [], [pid 6239] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6239] <... futex resumed>) = 0 [pid 6239] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6239] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6239] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6239] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6242 attached [pid 6240] <... ioctl resumed>) = 0 [pid 6242] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6241] <... openat resumed>) = 5 [pid 6240] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6239] <... clone3 resumed> => {parent_tid=[6242]}, 88) = 6242 [pid 6242] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6241] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... futex resumed>) = 0 [pid 6242] <... set_robust_list resumed>) = 0 [pid 6241] <... futex resumed>) = 0 [pid 6239] rt_sigprocmask(SIG_SETMASK, [], [pid 6240] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6242] rt_sigprocmask(SIG_SETMASK, [], [pid 6241] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6242] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6242] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6239] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6242] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6239] <... futex resumed>) = 0 [pid 6239] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6242] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6242] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6239] <... futex resumed>) = 0 [pid 6239] exit_group(0 [pid 6241] <... futex resumed>) = ? [pid 6240] <... futex resumed>) = ? [pid 6239] <... exit_group resumed>) = ? [pid 6242] <... futex resumed>) = ? [pid 6241] +++ exited with 0 +++ [pid 6242] +++ exited with 0 +++ [pid 6240] +++ exited with 0 +++ [pid 6239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6239, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 203.027442][ T37] audit: type=1800 audit(1753855672.870:122): pid=6241 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=247 res=0 errno=0 unlink("./122/binderfs") = 0 umount2("./122/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./122/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6243 attached , child_tidptr=0x55555c67f690) = 6243 [pid 6243] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6243] chdir("./123") = 0 [pid 6243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6243] setpgid(0, 0) = 0 [pid 6243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6243] write(3, "1000", 4) = 4 [pid 6243] close(3) = 0 [pid 6243] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6243] write(1, "executing program\n", 18) = 18 [pid 6243] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6243] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6243] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6244 attached [pid 6244] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6243] <... clone3 resumed> => {parent_tid=[6244]}, 88) = 6244 [pid 6244] <... rseq resumed>) = 0 [pid 6244] set_robust_list(0x7f8a95e509a0, 24 [pid 6243] rt_sigprocmask(SIG_SETMASK, [], [pid 6244] <... set_robust_list resumed>) = 0 [pid 6243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6244] rt_sigprocmask(SIG_SETMASK, [], [pid 6243] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6244] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6244] memfd_create("syzkaller", 0 [pid 6243] <... futex resumed>) = 0 [pid 6243] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6244] <... memfd_create resumed>) = 3 [pid 6244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6244] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6244] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6244] close(3) = 0 [pid 6244] close(4) = 0 [pid 6244] mkdir("./file2", 0777) = 0 [pid 6244] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6244] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6244] chdir("./file2") = 0 [pid 6244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6244] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6243] <... futex resumed>) = 0 [pid 6244] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6243] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 203.555383][ T6244] loop0: detected capacity change from 0 to 256 [pid 6244] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6244] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6243] <... futex resumed>) = 0 [pid 6244] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6243] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6244] <... futex resumed>) = 0 [pid 6243] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6243] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 203.598695][ T6244] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6243] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6243] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6245 attached => {parent_tid=[6245]}, 88) = 6245 [pid 6245] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6243] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6245] <... rseq resumed>) = 0 [pid 6243] <... futex resumed>) = 0 [pid 6245] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6243] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6245] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6244] <... ioctl resumed>) = 0 [pid 6245] <... openat resumed>) = 5 [pid 6244] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6245] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6244] <... futex resumed>) = 0 [pid 6243] <... futex resumed>) = 0 [pid 6244] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6243] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6245] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6244] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6243] <... futex resumed>) = 0 [pid 6244] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6243] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6243] <... futex resumed>) = 0 [pid 6244] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6243] exit_group(0 [pid 6245] <... futex resumed>) = ? [pid 6245] +++ exited with 0 +++ [pid 6244] <... futex resumed>) = ? [pid 6243] <... exit_group resumed>) = ? [pid 6244] +++ exited with 0 +++ [pid 6243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6243, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 203.746580][ T37] audit: type=1800 audit(1753855673.590:123): pid=6245 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=249 res=0 errno=0 unlink("./123/binderfs") = 0 umount2("./123/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./123/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6246 attached [pid 6246] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6246 [pid 6246] chdir("./124") = 0 [pid 6246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6246] setpgid(0, 0) = 0 [pid 6246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6246] write(3, "1000", 4) = 4 [pid 6246] close(3) = 0 [pid 6246] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6246] write(1, "executing program\n", 18) = 18 [pid 6246] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6246] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6246] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6247 attached [pid 6247] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6246] <... clone3 resumed> => {parent_tid=[6247]}, 88) = 6247 [pid 6247] <... rseq resumed>) = 0 [pid 6247] set_robust_list(0x7f8a95e509a0, 24 [pid 6246] rt_sigprocmask(SIG_SETMASK, [], [pid 6247] <... set_robust_list resumed>) = 0 [pid 6246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6247] rt_sigprocmask(SIG_SETMASK, [], [pid 6246] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6246] <... futex resumed>) = 0 [pid 6247] memfd_create("syzkaller", 0 [pid 6246] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6247] <... memfd_create resumed>) = 3 [pid 6247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6247] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6247] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6247] close(3) = 0 [pid 6247] close(4) = 0 [pid 6247] mkdir("./file2", 0777) = 0 [pid 6247] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [ 204.258212][ T6247] loop0: detected capacity change from 0 to 256 [pid 6247] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6247] chdir("./file2") = 0 [pid 6247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6247] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... futex resumed>) = 0 [pid 6247] <... futex resumed>) = 1 [pid 6246] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6247] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6246] <... futex resumed>) = 0 [pid 6246] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6247] <... openat resumed>) = 4 [pid 6247] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6246] <... futex resumed>) = 0 [pid 6247] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6246] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6247] <... futex resumed>) = 0 [pid 6247] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6246] <... futex resumed>) = 1 [ 204.313647][ T6247] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6246] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6246] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6246] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6248 attached [pid 6248] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6246] <... clone3 resumed> => {parent_tid=[6248]}, 88) = 6248 [pid 6248] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6246] rt_sigprocmask(SIG_SETMASK, [], [pid 6248] <... set_robust_list resumed>) = 0 [pid 6246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6246] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6248] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6246] <... futex resumed>) = 0 [pid 6246] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6246] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6246] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6248] <... openat resumed>) = 5 [pid 6247] <... ioctl resumed>) = 0 [pid 6246] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 6248] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... mprotect resumed>) = 0 [pid 6248] <... futex resumed>) = 0 [pid 6248] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6247] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6247] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6246] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6249 attached [pid 6249] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6249] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6246] <... clone3 resumed> => {parent_tid=[6249]}, 88) = 6249 [pid 6249] <... set_robust_list resumed>) = 0 [pid 6246] rt_sigprocmask(SIG_SETMASK, [], [pid 6249] rt_sigprocmask(SIG_SETMASK, [], [pid 6246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6246] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6249] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6246] <... futex resumed>) = 0 [pid 6249] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6246] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6249] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6249] <... futex resumed>) = 0 [pid 6246] exit_group(0) = ? [pid 6248] <... futex resumed>) = ? [pid 6247] <... futex resumed>) = ? [pid 6249] +++ exited with 0 +++ [pid 6248] +++ exited with 0 +++ [pid 6247] +++ exited with 0 +++ [pid 6246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6246, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 204.526400][ T37] audit: type=1800 audit(1753855674.370:124): pid=6248 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=251 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 umount2("./124/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./124/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6250 attached , child_tidptr=0x55555c67f690) = 6250 [pid 6250] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6250] chdir("./125") = 0 [pid 6250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6250] setpgid(0, 0) = 0 [pid 6250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6250] write(3, "1000", 4) = 4 [pid 6250] close(3) = 0 [pid 6250] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6250] write(1, "executing program\n", 18) = 18 [pid 6250] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6250] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6250] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6250] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6250] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6252 attached [pid 6252] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6250] <... clone3 resumed> => {parent_tid=[6252]}, 88) = 6252 [pid 6252] <... rseq resumed>) = 0 [pid 6250] rt_sigprocmask(SIG_SETMASK, [], [pid 6252] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6252] rt_sigprocmask(SIG_SETMASK, [], [pid 6250] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6250] <... futex resumed>) = 0 [pid 6252] memfd_create("syzkaller", 0 [pid 6250] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6252] <... memfd_create resumed>) = 3 [pid 6252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6252] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6252] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6252] close(3) = 0 [pid 6252] close(4) = 0 [pid 6252] mkdir("./file2", 0777) = 0 [pid 6252] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6252] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6252] chdir("./file2") = 0 [pid 6252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6252] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6250] <... futex resumed>) = 0 [pid 6252] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6250] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... futex resumed>) = 0 [pid 6250] <... futex resumed>) = 1 [pid 6252] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6250] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6252] <... openat resumed>) = 4 [ 205.060936][ T6252] loop0: detected capacity change from 0 to 256 [pid 6252] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6250] <... futex resumed>) = 0 [pid 6252] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6250] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6250] <... futex resumed>) = 0 [pid 6252] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6250] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 205.106094][ T6252] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6250] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6250] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6250] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6253 attached [pid 6253] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6250] <... clone3 resumed> => {parent_tid=[6253]}, 88) = 6253 [pid 6253] <... rseq resumed>) = 0 [pid 6250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6253] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6250] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] <... set_robust_list resumed>) = 0 [pid 6250] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6253] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200) = 5 [pid 6252] <... ioctl resumed>) = 0 [pid 6252] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6250] <... futex resumed>) = 0 [pid 6253] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6250] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6250] <... futex resumed>) = 0 [pid 6252] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6250] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6252] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] <... futex resumed>) = 0 [pid 6250] exit_group(0 [pid 6252] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6253] <... futex resumed>) = ? [pid 6250] <... exit_group resumed>) = ? [pid 6253] +++ exited with 0 +++ [pid 6252] <... futex resumed>) = ? [pid 6252] +++ exited with 0 +++ [pid 6250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6250, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 205.266497][ T37] audit: type=1800 audit(1753855675.110:125): pid=6253 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=253 res=0 errno=0 unlink("./125/binderfs") = 0 umount2("./125/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./125/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6255 attached , child_tidptr=0x55555c67f690) = 6255 [pid 6255] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6255] chdir("./126") = 0 [pid 6255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6255] setpgid(0, 0) = 0 [pid 6255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6255] write(3, "1000", 4) = 4 [pid 6255] close(3) = 0 [pid 6255] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6255] write(1, "executing program\n", 18) = 18 [pid 6255] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6255] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6255] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6255] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6256 attached [pid 6256] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6255] <... clone3 resumed> => {parent_tid=[6256]}, 88) = 6256 [pid 6256] set_robust_list(0x7f8a95e509a0, 24 [pid 6255] rt_sigprocmask(SIG_SETMASK, [], [pid 6256] <... set_robust_list resumed>) = 0 [pid 6255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6255] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6256] memfd_create("syzkaller", 0 [pid 6255] <... futex resumed>) = 0 [pid 6255] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6256] <... memfd_create resumed>) = 3 [pid 6256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6256] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6256] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6256] close(3) = 0 [pid 6256] close(4) = 0 [pid 6256] mkdir("./file2", 0777) = 0 [pid 6256] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6256] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6256] chdir("./file2") = 0 [ 205.721573][ T6256] loop0: detected capacity change from 0 to 256 [pid 6256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6256] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6255] <... futex resumed>) = 0 [pid 6256] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6256] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6255] <... futex resumed>) = 0 [pid 6255] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] <... openat resumed>) = 4 [pid 6256] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6255] <... futex resumed>) = 0 [pid 6256] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6256] <... futex resumed>) = 0 [pid 6255] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 205.763500][ T6256] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6256] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6255] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6255] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6255] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6257 attached [pid 6257] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6255] <... clone3 resumed> => {parent_tid=[6257]}, 88) = 6257 [pid 6257] <... rseq resumed>) = 0 [pid 6257] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6255] rt_sigprocmask(SIG_SETMASK, [], [pid 6257] <... set_robust_list resumed>) = 0 [pid 6257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6257] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6257] <... futex resumed>) = 0 [pid 6255] <... futex resumed>) = 1 [pid 6257] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6255] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6255] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6255] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6255] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6257] <... openat resumed>) = 5 [pid 6256] <... ioctl resumed>) = 0 [pid 6257] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6257] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6256] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6256] <... futex resumed>) = 0 [pid 6255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0} [pid 6256] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6259 attached [pid 6259] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6255] <... clone3 resumed> => {parent_tid=[6259]}, 88) = 6259 [pid 6259] <... rseq resumed>) = 0 [pid 6255] rt_sigprocmask(SIG_SETMASK, [], [pid 6259] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6259] <... set_robust_list resumed>) = 0 [pid 6259] rt_sigprocmask(SIG_SETMASK, [], [pid 6255] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6259] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6259] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = 0 [pid 6255] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] <... futex resumed>) = 0 [pid 6255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6259] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] exit_group(0 [pid 6257] <... futex resumed>) = ? [pid 6259] <... futex resumed>) = ? [pid 6256] <... futex resumed>) = ? [pid 6255] <... exit_group resumed>) = ? [pid 6259] +++ exited with 0 +++ [pid 6257] +++ exited with 0 +++ [pid 6256] +++ exited with 0 +++ [pid 6255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6255, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 205.996479][ T37] audit: type=1800 audit(1753855675.840:126): pid=6257 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=255 res=0 errno=0 umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 umount2("./126/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./126/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6261 attached , child_tidptr=0x55555c67f690) = 6261 [pid 6261] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6261] chdir("./127") = 0 [pid 6261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6261] setpgid(0, 0) = 0 [pid 6261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6261] write(3, "1000", 4) = 4 [pid 6261] close(3) = 0 [pid 6261] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6261] write(1, "executing program\n", 18) = 18 [pid 6261] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6261] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6261] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6261] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6262 attached [pid 6262] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6261] <... clone3 resumed> => {parent_tid=[6262]}, 88) = 6262 [pid 6262] <... rseq resumed>) = 0 [pid 6261] rt_sigprocmask(SIG_SETMASK, [], [pid 6262] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6262] rt_sigprocmask(SIG_SETMASK, [], [pid 6261] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6261] <... futex resumed>) = 0 [pid 6262] memfd_create("syzkaller", 0 [pid 6261] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6262] <... memfd_create resumed>) = 3 [pid 6262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6262] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6262] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6262] close(3) = 0 [pid 6262] close(4) = 0 [pid 6262] mkdir("./file2", 0777) = 0 [pid 6262] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6262] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6262] chdir("./file2") = 0 [pid 6262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6262] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6262] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] <... futex resumed>) = 0 [pid 6261] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... futex resumed>) = 0 [pid 6261] <... futex resumed>) = 1 [pid 6262] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6261] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] <... openat resumed>) = 4 [pid 6262] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6261] <... futex resumed>) = 0 [pid 6262] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6262] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6261] <... futex resumed>) = 0 [ 206.623170][ T6262] loop0: detected capacity change from 0 to 256 [ 206.651916][ T6262] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6261] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6261] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6261] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6263 attached [pid 6263] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6261] <... clone3 resumed> => {parent_tid=[6263]}, 88) = 6263 [pid 6263] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6261] rt_sigprocmask(SIG_SETMASK, [], [pid 6263] rt_sigprocmask(SIG_SETMASK, [], [pid 6261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6263] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6261] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6261] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] <... ioctl resumed>) = 0 [pid 6262] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] <... openat resumed>) = 5 [pid 6262] <... futex resumed>) = 0 [pid 6262] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6261] <... futex resumed>) = 0 [pid 6263] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... futex resumed>) = 0 [pid 6261] <... futex resumed>) = 1 [pid 6262] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6261] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6261] <... futex resumed>) = 0 [pid 6262] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] exit_group(0 [pid 6263] <... futex resumed>) = ? [pid 6262] <... futex resumed>) = ? [pid 6261] <... exit_group resumed>) = ? [pid 6263] +++ exited with 0 +++ [pid 6262] +++ exited with 0 +++ [pid 6261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6261, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 206.866915][ T37] audit: type=1800 audit(1753855676.710:127): pid=6263 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=257 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 umount2("./127/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./127/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6264 attached [pid 6264] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6264 [pid 6264] chdir("./128") = 0 [pid 6264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6264] setpgid(0, 0) = 0 [pid 6264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6264] write(3, "1000", 4) = 4 [pid 6264] close(3) = 0 [pid 6264] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6264] write(1, "executing program\n", 18executing program ) = 18 [pid 6264] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6264] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6264] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6264] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6264] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6266 attached [pid 6266] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6264] <... clone3 resumed> => {parent_tid=[6266]}, 88) = 6266 [pid 6266] <... rseq resumed>) = 0 [pid 6264] rt_sigprocmask(SIG_SETMASK, [], [pid 6266] set_robust_list(0x7f8a95e509a0, 24 [pid 6264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6266] <... set_robust_list resumed>) = 0 [pid 6264] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6266] rt_sigprocmask(SIG_SETMASK, [], [pid 6264] <... futex resumed>) = 0 [pid 6264] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6266] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6266] memfd_create("syzkaller", 0) = 3 [pid 6266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6266] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6266] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6266] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6266] close(3) = 0 [pid 6266] close(4) = 0 [pid 6266] mkdir("./file2", 0777) = 0 [pid 6266] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6266] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6266] chdir("./file2") = 0 [pid 6266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6266] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] <... futex resumed>) = 0 [pid 6266] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6264] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6266] <... futex resumed>) = 0 [pid 6264] <... futex resumed>) = 1 [pid 6266] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6264] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6266] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] <... futex resumed>) = 0 [pid 6266] <... futex resumed>) = 1 [pid 6264] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6266] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6264] <... futex resumed>) = 0 [ 207.371112][ T6266] loop0: detected capacity change from 0 to 256 [ 207.404205][ T6266] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6264] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6264] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6264] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6264] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6264] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6264] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6267 attached [pid 6266] <... ioctl resumed>) = 0 [pid 6264] <... clone3 resumed> => {parent_tid=[6267]}, 88) = 6267 [pid 6267] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6266] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] rt_sigprocmask(SIG_SETMASK, [], [pid 6267] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6267] <... set_robust_list resumed>) = 0 [pid 6267] rt_sigprocmask(SIG_SETMASK, [], [pid 6266] <... futex resumed>) = 0 [pid 6264] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6266] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6264] <... futex resumed>) = 0 [pid 6264] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200) = 5 [pid 6267] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] <... futex resumed>) = 0 [pid 6267] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6264] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6266] <... futex resumed>) = 0 [pid 6266] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6264] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6266] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6266] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] <... futex resumed>) = 0 [pid 6266] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6264] exit_group(0 [pid 6267] <... futex resumed>) = ? [pid 6266] <... futex resumed>) = ? [pid 6264] <... exit_group resumed>) = ? [pid 6267] +++ exited with 0 +++ [pid 6266] +++ exited with 0 +++ [pid 6264] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6264, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 207.590528][ T37] audit: type=1800 audit(1753855677.430:128): pid=6267 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=259 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 umount2("./128/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./128/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6268 attached , child_tidptr=0x55555c67f690) = 6268 [pid 6268] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6268] chdir("./129") = 0 [pid 6268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6268] setpgid(0, 0) = 0 [pid 6268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6268] write(3, "1000", 4) = 4 [pid 6268] close(3) = 0 [pid 6268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6268] write(1, "executing program\n", 18) = 18 executing program [pid 6268] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6268] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6268] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6268] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6269 attached [pid 6269] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6268] <... clone3 resumed> => {parent_tid=[6269]}, 88) = 6269 [pid 6269] set_robust_list(0x7f8a95e509a0, 24 [pid 6268] rt_sigprocmask(SIG_SETMASK, [], [pid 6269] <... set_robust_list resumed>) = 0 [pid 6268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6269] rt_sigprocmask(SIG_SETMASK, [], [pid 6268] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6268] <... futex resumed>) = 0 [pid 6269] memfd_create("syzkaller", 0 [pid 6268] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6269] <... memfd_create resumed>) = 3 [pid 6269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6269] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6269] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6269] close(3) = 0 [pid 6269] close(4) = 0 [pid 6269] mkdir("./file2", 0777) = 0 [pid 6269] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6269] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6269] chdir("./file2") = 0 [pid 6269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6269] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6268] <... futex resumed>) = 0 [pid 6269] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6268] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6268] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6269] <... openat resumed>) = 4 [pid 6269] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] <... futex resumed>) = 0 [pid 6269] <... futex resumed>) = 1 [pid 6268] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6268] <... futex resumed>) = 0 [ 208.149517][ T6269] loop0: detected capacity change from 0 to 256 [ 208.188526][ T6269] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6268] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6268] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6268] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6270 attached [pid 6270] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6268] <... clone3 resumed> => {parent_tid=[6270]}, 88) = 6270 [pid 6270] <... rseq resumed>) = 0 [pid 6268] rt_sigprocmask(SIG_SETMASK, [], [pid 6270] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6270] <... set_robust_list resumed>) = 0 [pid 6268] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6270] rt_sigprocmask(SIG_SETMASK, [], [pid 6268] <... futex resumed>) = 0 [pid 6270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6268] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6270] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6268] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6268] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] <... openat resumed>) = 5 [pid 6269] <... ioctl resumed>) = 0 [pid 6270] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6270] <... futex resumed>) = 0 [pid 6269] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] <... mmap resumed>) = 0x7f8a95dee000 [pid 6270] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6269] <... futex resumed>) = 0 [pid 6269] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6268] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6271 attached => {parent_tid=[6271]}, 88) = 6271 [pid 6271] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6268] rt_sigprocmask(SIG_SETMASK, [], [pid 6271] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6271] <... set_robust_list resumed>) = 0 [pid 6268] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6271] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6268] <... futex resumed>) = 0 [pid 6271] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6268] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6271] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6268] <... futex resumed>) = 0 [pid 6271] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6268] exit_group(0 [pid 6269] <... futex resumed>) = ? [pid 6271] <... futex resumed>) = ? [pid 6270] <... futex resumed>) = ? [pid 6268] <... exit_group resumed>) = ? [pid 6271] +++ exited with 0 +++ [pid 6269] +++ exited with 0 +++ [pid 6270] +++ exited with 0 +++ [pid 6268] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6268, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 208.356489][ T37] audit: type=1800 audit(1753855678.200:129): pid=6270 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=261 res=0 errno=0 openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 umount2("./129/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./129/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6273 attached [pid 6273] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6273 [pid 6273] chdir("./130") = 0 [pid 6273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6273] setpgid(0, 0) = 0 [pid 6273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6273] write(3, "1000", 4) = 4 [pid 6273] close(3) = 0 [pid 6273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6273] write(1, "executing program\n", 18executing program ) = 18 [pid 6273] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6273] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6273] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6274 attached [pid 6274] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6273] <... clone3 resumed> => {parent_tid=[6274]}, 88) = 6274 [pid 6274] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6273] rt_sigprocmask(SIG_SETMASK, [], [pid 6274] rt_sigprocmask(SIG_SETMASK, [], [pid 6273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6273] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6274] memfd_create("syzkaller", 0 [pid 6273] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6274] <... memfd_create resumed>) = 3 [pid 6274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6274] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6274] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6274] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6274] close(3) = 0 [pid 6274] close(4) = 0 [pid 6274] mkdir("./file2", 0777) = 0 [pid 6274] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6274] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6274] chdir("./file2") = 0 [pid 6274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6274] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = 0 [pid 6274] <... futex resumed>) = 1 [pid 6273] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6274] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6273] <... futex resumed>) = 0 [pid 6273] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6274] <... openat resumed>) = 4 [pid 6274] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = 0 [pid 6274] <... futex resumed>) = 1 [pid 6273] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6274] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6273] <... futex resumed>) = 0 [ 208.882332][ T6274] loop0: detected capacity change from 0 to 256 [ 208.911746][ T6274] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6273] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6273] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6273] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6275 attached [pid 6275] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6273] <... clone3 resumed> => {parent_tid=[6275]}, 88) = 6275 [pid 6275] <... rseq resumed>) = 0 [pid 6273] rt_sigprocmask(SIG_SETMASK, [], [pid 6275] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6275] <... set_robust_list resumed>) = 0 [pid 6273] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6275] rt_sigprocmask(SIG_SETMASK, [], [pid 6273] <... futex resumed>) = 0 [pid 6275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6275] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6273] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6274] <... ioctl resumed>) = 0 [pid 6275] <... openat resumed>) = 5 [pid 6275] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6274] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6274] <... futex resumed>) = 0 [pid 6274] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6273] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6274] <... futex resumed>) = 0 [pid 6273] <... futex resumed>) = 1 [pid 6274] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6273] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6274] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6274] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6274] <... futex resumed>) = 0 [pid 6274] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6273] exit_group(0 [pid 6274] <... futex resumed>) = ? [pid 6273] <... exit_group resumed>) = ? [pid 6274] +++ exited with 0 +++ [pid 6275] +++ exited with 0 +++ [pid 6273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6273, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./130", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 209.087032][ T37] audit: type=1800 audit(1753855678.930:130): pid=6275 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=263 res=0 errno=0 umount2("./130/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 umount2("./130/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./130/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6276 attached [pid 6276] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6276 [pid 6276] <... set_robust_list resumed>) = 0 [pid 6276] chdir("./131") = 0 [pid 6276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6276] setpgid(0, 0) = 0 [pid 6276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6276] write(3, "1000", 4) = 4 [pid 6276] close(3) = 0 [pid 6276] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6276] write(1, "executing program\n", 18) = 18 executing program [pid 6276] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6276] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6276] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6276] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6277 attached [pid 6277] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6276] <... clone3 resumed> => {parent_tid=[6277]}, 88) = 6277 [pid 6277] set_robust_list(0x7f8a95e509a0, 24 [pid 6276] rt_sigprocmask(SIG_SETMASK, [], [pid 6277] <... set_robust_list resumed>) = 0 [pid 6276] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6276] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] rt_sigprocmask(SIG_SETMASK, [], [pid 6276] <... futex resumed>) = 0 [pid 6276] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6277] memfd_create("syzkaller", 0) = 3 [pid 6277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6277] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6277] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6277] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6277] close(3) = 0 [pid 6277] close(4) = 0 [pid 6277] mkdir("./file2", 0777) = 0 [pid 6277] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6277] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6277] chdir("./file2") = 0 [pid 6277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6277] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6277] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6276] <... futex resumed>) = 0 [pid 6276] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] <... futex resumed>) = 0 [pid 6276] <... futex resumed>) = 1 [pid 6277] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6277] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... futex resumed>) = 0 [pid 6276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6277] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6276] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6276] <... futex resumed>) = 0 [pid 6276] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 209.562148][ T6277] loop0: detected capacity change from 0 to 256 [ 209.583767][ T6277] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6277] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6276] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6276] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6276] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6276] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6278 attached [pid 6278] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6276] <... clone3 resumed> => {parent_tid=[6278]}, 88) = 6278 [pid 6278] <... rseq resumed>) = 0 [pid 6276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6278] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6276] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6278] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6277] <... ioctl resumed>) = 0 [pid 6278] <... openat resumed>) = 5 [pid 6277] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6278] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6276] <... futex resumed>) = 0 [pid 6278] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6276] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6277] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] <... futex resumed>) = 0 [pid 6276] exit_group(0 [pid 6277] <... futex resumed>) = 1 [pid 6276] <... exit_group resumed>) = ? [pid 6278] <... futex resumed>) = ? [pid 6277] +++ exited with 0 +++ [pid 6278] +++ exited with 0 +++ [pid 6276] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6276, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 209.756985][ T37] audit: type=1800 audit(1753855679.600:131): pid=6278 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=265 res=0 errno=0 newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 umount2("./131/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./131/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6279 ./strace-static-x86_64: Process 6279 attached [pid 6279] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6279] chdir("./132") = 0 [pid 6279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6279] setpgid(0, 0) = 0 [pid 6279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6279] write(3, "1000", 4executing program ) = 4 [pid 6279] close(3) = 0 [pid 6279] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6279] write(1, "executing program\n", 18) = 18 [pid 6279] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6279] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6279] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6279] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6280 attached [pid 6280] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6279] <... clone3 resumed> => {parent_tid=[6280]}, 88) = 6280 [pid 6280] <... rseq resumed>) = 0 [pid 6280] set_robust_list(0x7f8a95e509a0, 24 [pid 6279] rt_sigprocmask(SIG_SETMASK, [], [pid 6280] <... set_robust_list resumed>) = 0 [pid 6279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6280] rt_sigprocmask(SIG_SETMASK, [], [pid 6279] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6279] <... futex resumed>) = 0 [pid 6279] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6280] memfd_create("syzkaller", 0) = 3 [pid 6280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6280] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6280] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6280] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6280] close(3) = 0 [pid 6280] close(4) = 0 [pid 6280] mkdir("./file2", 0777) = 0 [pid 6280] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6280] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 210.181611][ T6280] loop0: detected capacity change from 0 to 256 [pid 6280] chdir("./file2") = 0 [pid 6280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6280] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] <... futex resumed>) = 0 [pid 6280] <... futex resumed>) = 1 [pid 6279] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6280] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6279] <... futex resumed>) = 0 [pid 6280] <... openat resumed>) = 4 [pid 6279] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6280] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6279] <... futex resumed>) = 0 [pid 6279] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6280] <... futex resumed>) = 0 [pid 6279] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 210.224276][ T6280] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6280] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6279] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6279] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6279] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6279] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6281 attached => {parent_tid=[6281]}, 88) = 6281 [pid 6281] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6279] rt_sigprocmask(SIG_SETMASK, [], [pid 6281] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6279] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6281] <... set_robust_list resumed>) = 0 [pid 6281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6281] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6280] <... ioctl resumed>) = 0 [pid 6281] <... openat resumed>) = 5 [pid 6280] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6281] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6280] <... futex resumed>) = 0 [pid 6281] <... futex resumed>) = 1 [pid 6280] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6279] <... futex resumed>) = 0 [pid 6281] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6279] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6280] <... futex resumed>) = 0 [pid 6279] <... futex resumed>) = 1 [pid 6280] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6279] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6280] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6279] <... futex resumed>) = 0 [pid 6280] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6279] exit_group(0 [pid 6281] <... futex resumed>) = ? [pid 6280] <... futex resumed>) = ? [pid 6281] +++ exited with 0 +++ [pid 6280] +++ exited with 0 +++ [pid 6279] <... exit_group resumed>) = ? [pid 6279] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6279, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./132", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 210.386818][ T37] audit: type=1800 audit(1753855680.230:132): pid=6281 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=267 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/binderfs") = 0 umount2("./132/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./132/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6282 attached [pid 6282] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6282 [pid 6282] chdir("./133") = 0 [pid 6282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6282] setpgid(0, 0) = 0 [pid 6282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6282] write(3, "1000", 4) = 4 [pid 6282] close(3) = 0 [pid 6282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6282] write(1, "executing program\n", 18executing program ) = 18 [pid 6282] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6282] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6282] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6282] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6283 attached [pid 6283] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6282] <... clone3 resumed> => {parent_tid=[6283]}, 88) = 6283 [pid 6283] <... rseq resumed>) = 0 [pid 6282] rt_sigprocmask(SIG_SETMASK, [], [pid 6283] set_robust_list(0x7f8a95e509a0, 24 [pid 6282] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6283] <... set_robust_list resumed>) = 0 [pid 6282] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6282] <... futex resumed>) = 0 [pid 6283] memfd_create("syzkaller", 0 [pid 6282] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6283] <... memfd_create resumed>) = 3 [pid 6283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6283] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6283] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6283] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6283] close(3) = 0 [pid 6283] close(4) = 0 [pid 6283] mkdir("./file2", 0777) = 0 [pid 6283] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6283] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6283] chdir("./file2") = 0 [pid 6283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6283] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6282] <... futex resumed>) = 0 [pid 6283] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6282] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6283] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6282] <... futex resumed>) = 0 [pid 6282] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6283] <... openat resumed>) = 4 [ 210.866993][ T6283] loop0: detected capacity change from 0 to 256 [pid 6283] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6282] <... futex resumed>) = 0 [pid 6283] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6282] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6282] <... futex resumed>) = 0 [pid 6283] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 210.911070][ T6283] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6282] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6282] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6282] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6282] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6284 attached => {parent_tid=[6284]}, 88) = 6284 [pid 6284] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6282] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] <... rseq resumed>) = 0 [pid 6282] <... futex resumed>) = 0 [pid 6284] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6282] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6284] <... set_robust_list resumed>) = 0 [pid 6284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6284] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6282] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6282] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6282] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6282] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6284] <... openat resumed>) = 5 [pid 6283] <... ioctl resumed>) = 0 [pid 6282] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6284] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0} [pid 6284] <... futex resumed>) = 0 [pid 6284] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6283] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6285 attached [pid 6285] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6283] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6282] <... clone3 resumed> => {parent_tid=[6285]}, 88) = 6285 [pid 6282] rt_sigprocmask(SIG_SETMASK, [], [pid 6285] <... rseq resumed>) = 0 [pid 6285] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6282] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6282] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] <... set_robust_list resumed>) = 0 [pid 6285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6285] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6285] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6282] <... futex resumed>) = 0 [pid 6282] exit_group(0 [pid 6285] <... futex resumed>) = ? [pid 6284] <... futex resumed>) = ? [pid 6283] <... futex resumed>) = ? [pid 6282] <... exit_group resumed>) = ? [pid 6285] +++ exited with 0 +++ [pid 6284] +++ exited with 0 +++ [pid 6283] +++ exited with 0 +++ [pid 6282] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6282, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 211.116673][ T37] audit: type=1800 audit(1753855680.960:133): pid=6284 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=269 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 umount2("./133/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./133/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6286 attached , child_tidptr=0x55555c67f690) = 6286 [pid 6286] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6286] chdir("./134") = 0 [pid 6286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6286] setpgid(0, 0) = 0 [pid 6286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6286] write(3, "1000", 4) = 4 [pid 6286] close(3) = 0 [pid 6286] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6286] write(1, "executing program\n", 18) = 18 [pid 6286] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6286] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6286] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6286] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6287 attached [pid 6287] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6287] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6286] <... clone3 resumed> => {parent_tid=[6287]}, 88) = 6287 [pid 6287] rt_sigprocmask(SIG_SETMASK, [], [pid 6286] rt_sigprocmask(SIG_SETMASK, [], [pid 6287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6286] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6287] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6286] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6286] <... futex resumed>) = 0 [pid 6287] memfd_create("syzkaller", 0 [pid 6286] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6287] <... memfd_create resumed>) = 3 [pid 6287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6287] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6287] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6287] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6287] close(3) = 0 [pid 6287] close(4) = 0 [pid 6287] mkdir("./file2", 0777) = 0 [pid 6287] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6287] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6287] chdir("./file2") = 0 [pid 6287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6287] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... futex resumed>) = 0 [pid 6287] <... futex resumed>) = 1 [pid 6286] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6286] <... futex resumed>) = 0 [pid 6287] <... openat resumed>) = 4 [pid 6286] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6287] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6286] <... futex resumed>) = 0 [pid 6287] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6286] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] <... futex resumed>) = 0 [pid 6286] <... futex resumed>) = 1 [pid 6287] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 211.687554][ T6287] loop0: detected capacity change from 0 to 256 [ 211.715961][ T6287] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6286] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6286] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6286] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6288 attached [pid 6288] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6286] <... clone3 resumed> => {parent_tid=[6288]}, 88) = 6288 [pid 6288] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6286] rt_sigprocmask(SIG_SETMASK, [], [pid 6288] <... set_robust_list resumed>) = 0 [pid 6286] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6288] rt_sigprocmask(SIG_SETMASK, [], [pid 6286] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6286] <... futex resumed>) = 0 [pid 6288] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6286] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6287] <... ioctl resumed>) = 0 [pid 6288] <... openat resumed>) = 5 [pid 6287] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6288] <... futex resumed>) = 1 [pid 6286] <... futex resumed>) = 0 [pid 6288] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6286] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] <... futex resumed>) = 0 [pid 6286] <... futex resumed>) = 1 [pid 6287] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6286] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6287] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6287] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6286] <... futex resumed>) = 0 [pid 6286] exit_group(0) = ? [pid 6288] <... futex resumed>) = ? [pid 6287] +++ exited with 0 +++ [pid 6288] +++ exited with 0 +++ [pid 6286] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6286, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 211.896839][ T37] audit: type=1800 audit(1753855681.740:134): pid=6288 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=271 res=0 errno=0 openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 umount2("./134/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./134/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6289 attached [pid 6289] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6289] chdir("./135") = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6289 [pid 6289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6289] setpgid(0, 0) = 0 [pid 6289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 6289] write(3, "1000", 4) = 4 [pid 6289] close(3) = 0 [pid 6289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6289] write(1, "executing program\n", 18) = 18 [pid 6289] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6289] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6289] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6290 attached => {parent_tid=[6290]}, 88) = 6290 [pid 6290] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6289] rt_sigprocmask(SIG_SETMASK, [], [pid 6290] <... rseq resumed>) = 0 [pid 6289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6290] set_robust_list(0x7f8a95e509a0, 24 [pid 6289] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... set_robust_list resumed>) = 0 [pid 6290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6289] <... futex resumed>) = 0 [pid 6289] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6290] memfd_create("syzkaller", 0) = 3 [pid 6290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6290] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6290] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6290] close(3) = 0 [pid 6290] close(4) = 0 [pid 6290] mkdir("./file2", 0777) = 0 [pid 6290] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6290] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6290] chdir("./file2") = 0 [pid 6290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6290] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6289] <... futex resumed>) = 0 [pid 6290] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6289] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6289] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6290] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6290] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6289] <... futex resumed>) = 0 [pid 6290] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6289] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6289] <... futex resumed>) = 0 [pid 6290] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 212.408350][ T6290] loop0: detected capacity change from 0 to 256 [ 212.434046][ T6290] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6289] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6289] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6289] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6291 attached [pid 6291] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6291] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6289] <... clone3 resumed> => {parent_tid=[6291]}, 88) = 6291 [pid 6291] <... set_robust_list resumed>) = 0 [pid 6289] rt_sigprocmask(SIG_SETMASK, [], [pid 6291] rt_sigprocmask(SIG_SETMASK, [], [pid 6289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6289] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6289] <... futex resumed>) = 0 [pid 6289] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6289] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6289] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 6291] <... openat resumed>) = 5 [pid 6290] <... ioctl resumed>) = 0 [pid 6291] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6289] <... mprotect resumed>) = 0 [pid 6291] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6292 attached [pid 6292] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6292] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6289] <... clone3 resumed> => {parent_tid=[6292]}, 88) = 6292 [pid 6292] <... set_robust_list resumed>) = 0 [pid 6289] rt_sigprocmask(SIG_SETMASK, [], [pid 6292] rt_sigprocmask(SIG_SETMASK, [], [pid 6289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6289] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6292] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6289] <... futex resumed>) = 0 [pid 6292] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6292] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6292] <... futex resumed>) = 0 [pid 6289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6292] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6289] exit_group(0 [pid 6292] <... futex resumed>) = ? [pid 6291] <... futex resumed>) = ? [pid 6290] <... futex resumed>) = ? [pid 6289] <... exit_group resumed>) = ? [pid 6292] +++ exited with 0 +++ [pid 6291] +++ exited with 0 +++ [pid 6290] +++ exited with 0 +++ [pid 6289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6289, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 212.646846][ T37] audit: type=1800 audit(1753855682.490:135): pid=6291 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=273 res=0 errno=0 openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 umount2("./135/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./135/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6293 attached , child_tidptr=0x55555c67f690) = 6293 [pid 6293] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6293] chdir("./136") = 0 [pid 6293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6293] setpgid(0, 0) = 0 [pid 6293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6293] write(3, "1000", 4) = 4 [pid 6293] close(3) = 0 [pid 6293] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6293] write(1, "executing program\n", 18) = 18 [pid 6293] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6293] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6294 attached [pid 6294] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6293] <... clone3 resumed> => {parent_tid=[6294]}, 88) = 6294 [pid 6294] set_robust_list(0x7f8a95e509a0, 24 [pid 6293] rt_sigprocmask(SIG_SETMASK, [], [pid 6294] <... set_robust_list resumed>) = 0 [pid 6293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6294] rt_sigprocmask(SIG_SETMASK, [], [pid 6293] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6293] <... futex resumed>) = 0 [pid 6294] memfd_create("syzkaller", 0 [pid 6293] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6294] <... memfd_create resumed>) = 3 [pid 6294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6294] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6294] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6294] close(3) = 0 [pid 6294] close(4) = 0 [pid 6294] mkdir("./file2", 0777) = 0 [pid 6294] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6294] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6294] chdir("./file2") = 0 [pid 6294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6294] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6293] <... futex resumed>) = 0 [pid 6293] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6293] <... futex resumed>) = 0 [pid 6293] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6294] <... openat resumed>) = 4 [pid 6294] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6293] <... futex resumed>) = 0 [pid 6294] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6293] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6293] <... futex resumed>) = 0 [pid 6294] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 213.246955][ T6294] loop0: detected capacity change from 0 to 256 [ 213.274979][ T6294] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6293] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6293] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6293] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6295 attached [pid 6295] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6293] <... clone3 resumed> => {parent_tid=[6295]}, 88) = 6295 [pid 6293] rt_sigprocmask(SIG_SETMASK, [], [pid 6295] <... rseq resumed>) = 0 [pid 6293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6295] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6293] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6295] <... set_robust_list resumed>) = 0 [pid 6295] rt_sigprocmask(SIG_SETMASK, [], [pid 6293] <... futex resumed>) = 0 [pid 6293] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6295] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6294] <... ioctl resumed>) = 0 [pid 6295] <... openat resumed>) = 5 [pid 6294] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6295] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6293] <... futex resumed>) = 0 [pid 6295] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6293] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6294] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6294] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6293] <... futex resumed>) = 0 [pid 6294] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6293] exit_group(0 [pid 6295] <... futex resumed>) = ? [pid 6293] <... exit_group resumed>) = ? [pid 6295] +++ exited with 0 +++ [pid 6294] <... futex resumed>) = ? [pid 6294] +++ exited with 0 +++ [pid 6293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6293, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 213.426887][ T37] audit: type=1800 audit(1753855683.270:136): pid=6295 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=275 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 umount2("./136/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./136/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6296 attached [pid 6296] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6296 [pid 6296] <... set_robust_list resumed>) = 0 [pid 6296] chdir("./137") = 0 [pid 6296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6296] setpgid(0, 0) = 0 [pid 6296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6296] write(3, "1000", 4) = 4 [pid 6296] close(3) = 0 [pid 6296] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6296] write(1, "executing program\n", 18) = 18 [pid 6296] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6296] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6296] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6297 attached => {parent_tid=[6297]}, 88) = 6297 [pid 6297] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6297] <... rseq resumed>) = 0 [pid 6296] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] set_robust_list(0x7f8a95e509a0, 24 [pid 6296] <... futex resumed>) = 0 [pid 6297] <... set_robust_list resumed>) = 0 [pid 6296] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6297] memfd_create("syzkaller", 0) = 3 [pid 6297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6297] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6297] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6297] close(3) = 0 [pid 6297] close(4) = 0 [pid 6297] mkdir("./file2", 0777) = 0 [pid 6297] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6297] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6297] chdir("./file2") = 0 [pid 6297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6297] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6297] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6296] <... futex resumed>) = 0 [pid 6296] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] <... futex resumed>) = 0 [pid 6296] <... futex resumed>) = 1 [pid 6297] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6296] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6297] <... openat resumed>) = 4 [pid 6297] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6296] <... futex resumed>) = 0 [pid 6297] <... futex resumed>) = 1 [pid 6296] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6296] <... futex resumed>) = 0 [ 214.070248][ T6297] loop0: detected capacity change from 0 to 256 [ 214.108769][ T6297] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6296] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6296] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6296] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6298 attached [pid 6298] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6296] <... clone3 resumed> => {parent_tid=[6298]}, 88) = 6298 [pid 6298] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6296] rt_sigprocmask(SIG_SETMASK, [], [pid 6298] <... set_robust_list resumed>) = 0 [pid 6298] rt_sigprocmask(SIG_SETMASK, [], [pid 6296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6296] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6296] <... futex resumed>) = 0 [pid 6296] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6296] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6296] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6299 attached [pid 6298] <... openat resumed>) = 5 [pid 6297] <... ioctl resumed>) = 0 [pid 6299] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6298] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6299] <... rseq resumed>) = 0 [pid 6298] <... futex resumed>) = 0 [pid 6297] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6296] <... clone3 resumed> => {parent_tid=[6299]}, 88) = 6299 [pid 6299] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6298] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6296] rt_sigprocmask(SIG_SETMASK, [], [pid 6299] <... set_robust_list resumed>) = 0 [pid 6297] <... futex resumed>) = 0 [pid 6299] rt_sigprocmask(SIG_SETMASK, [], [pid 6297] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6299] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6296] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6299] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6296] <... futex resumed>) = 0 [pid 6299] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6296] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6299] <... futex resumed>) = 0 [pid 6296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6299] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6296] exit_group(0 [pid 6298] <... futex resumed>) = ? [pid 6297] <... futex resumed>) = ? [pid 6299] <... futex resumed>) = ? [pid 6298] +++ exited with 0 +++ [pid 6297] +++ exited with 0 +++ [pid 6296] <... exit_group resumed>) = ? [pid 6299] +++ exited with 0 +++ [pid 6296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6296, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 umount2("./137/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 214.276510][ T37] audit: type=1800 audit(1753855684.120:137): pid=6298 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=277 res=0 errno=0 umount2("./137/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6300 attached , child_tidptr=0x55555c67f690) = 6300 [pid 6300] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6300] chdir("./138") = 0 [pid 6300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6300] setpgid(0, 0) = 0 [pid 6300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6300] write(3, "1000", 4) = 4 [pid 6300] close(3) = 0 [pid 6300] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6300] write(1, "executing program\n", 18) = 18 [pid 6300] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6300] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6300] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6300] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6301 attached [pid 6301] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6300] <... clone3 resumed> => {parent_tid=[6301]}, 88) = 6301 [pid 6301] <... rseq resumed>) = 0 [pid 6301] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6301] rt_sigprocmask(SIG_SETMASK, [], [pid 6300] rt_sigprocmask(SIG_SETMASK, [], [pid 6301] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6301] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6300] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] <... futex resumed>) = 0 [pid 6300] <... futex resumed>) = 1 [pid 6301] memfd_create("syzkaller", 0 [pid 6300] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6301] <... memfd_create resumed>) = 3 [pid 6301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6301] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6301] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6301] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6301] close(3) = 0 [pid 6301] close(4) = 0 [pid 6301] mkdir("./file2", 0777) = 0 [pid 6301] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6301] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6301] chdir("./file2") = 0 [pid 6301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6301] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6300] <... futex resumed>) = 0 [pid 6301] <... futex resumed>) = 1 [pid 6300] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6300] <... futex resumed>) = 0 [pid 6300] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6301] <... openat resumed>) = 4 [ 214.693454][ T6301] loop0: detected capacity change from 0 to 256 [pid 6301] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] <... futex resumed>) = 0 [pid 6301] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6301] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6301] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 214.727749][ T6301] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6300] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6300] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6300] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6302 attached [pid 6302] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6302] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6300] <... clone3 resumed> => {parent_tid=[6302]}, 88) = 6302 [pid 6302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6300] rt_sigprocmask(SIG_SETMASK, [], [pid 6302] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6300] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6302] <... futex resumed>) = 0 [pid 6302] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6300] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6301] <... ioctl resumed>) = 0 [pid 6302] <... openat resumed>) = 5 [pid 6301] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] <... futex resumed>) = 0 [pid 6302] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6301] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6300] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6300] <... futex resumed>) = 0 [pid 6301] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6300] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6301] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6300] exit_group(0 [pid 6301] <... futex resumed>) = ? [pid 6302] <... futex resumed>) = ? [pid 6301] +++ exited with 0 +++ [pid 6300] <... exit_group resumed>) = ? [pid 6302] +++ exited with 0 +++ [pid 6300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6300, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./138", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 [ 214.906602][ T37] audit: type=1800 audit(1753855684.750:138): pid=6302 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=279 res=0 errno=0 umount2("./138/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./138/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6303 attached [pid 6303] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6303 [pid 6303] chdir("./139") = 0 [pid 6303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6303] setpgid(0, 0) = 0 [pid 6303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6303] write(3, "1000", 4) = 4 [pid 6303] close(3) = 0 [pid 6303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6303] write(1, "executing program\n", 18executing program ) = 18 [pid 6303] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6303] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6303] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0} => {parent_tid=[6304]}, 88) = 6304 ./strace-static-x86_64: Process 6304 attached [pid 6303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6304] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6303] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] <... rseq resumed>) = 0 [pid 6303] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6304] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6304] memfd_create("syzkaller", 0) = 3 [pid 6304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6304] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6304] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6304] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6304] close(3) = 0 [pid 6304] close(4) = 0 [pid 6304] mkdir("./file2", 0777) = 0 [pid 6304] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6304] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6304] chdir("./file2") = 0 [pid 6304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6304] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6303] <... futex resumed>) = 0 [pid 6304] <... futex resumed>) = 1 [pid 6303] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 215.372235][ T6304] loop0: detected capacity change from 0 to 256 [pid 6304] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6303] <... futex resumed>) = 0 [pid 6303] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6304] <... futex resumed>) = 0 [pid 6304] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6303] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 215.407073][ T6304] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6303] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6303] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6303] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6303] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6305 attached [pid 6305] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6303] <... clone3 resumed> => {parent_tid=[6305]}, 88) = 6305 [pid 6305] <... rseq resumed>) = 0 [pid 6303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6305] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6303] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6305] <... set_robust_list resumed>) = 0 [pid 6303] <... futex resumed>) = 0 [pid 6303] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6305] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200) = 5 [pid 6304] <... ioctl resumed>) = 0 [pid 6305] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6303] <... futex resumed>) = 0 [pid 6303] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6305] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6303] <... futex resumed>) = 0 [pid 6305] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6303] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6305] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6305] <... futex resumed>) = 0 [pid 6305] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6304] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6303] exit_group(0 [pid 6305] <... futex resumed>) = ? [pid 6304] <... futex resumed>) = ? [pid 6305] +++ exited with 0 +++ [pid 6304] +++ exited with 0 +++ [pid 6303] <... exit_group resumed>) = ? [pid 6303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6303, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./139", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 215.596750][ T37] audit: type=1800 audit(1753855685.440:139): pid=6305 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=281 res=0 errno=0 newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 umount2("./139/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./139/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6306 attached , child_tidptr=0x55555c67f690) = 6306 [pid 6306] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6306] chdir("./140") = 0 [pid 6306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6306] setpgid(0, 0) = 0 [pid 6306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6306] write(3, "1000", 4) = 4 [pid 6306] close(3) = 0 [pid 6306] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6306] write(1, "executing program\n", 18) = 18 [pid 6306] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6306] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6306] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6307 attached [pid 6307] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6307] set_robust_list(0x7f8a95e509a0, 24 [pid 6306] <... clone3 resumed> => {parent_tid=[6307]}, 88) = 6307 [pid 6307] <... set_robust_list resumed>) = 0 [pid 6306] rt_sigprocmask(SIG_SETMASK, [], [pid 6307] rt_sigprocmask(SIG_SETMASK, [], [pid 6306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6306] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6306] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6307] memfd_create("syzkaller", 0) = 3 [pid 6307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6307] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6307] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6307] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6307] close(3) = 0 [pid 6307] close(4) = 0 [pid 6307] mkdir("./file2", 0777) = 0 [pid 6307] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6307] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6307] chdir("./file2") = 0 [pid 6307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6307] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] <... futex resumed>) = 0 [pid 6307] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6306] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6307] <... openat resumed>) = 4 [pid 6306] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6307] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] <... futex resumed>) = 0 [ 216.116236][ T6307] loop0: detected capacity change from 0 to 256 [ 216.154973][ T6307] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6307] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6306] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6306] <... futex resumed>) = 0 [pid 6307] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6306] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6306] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6306] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6308 attached [pid 6308] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6306] <... clone3 resumed> => {parent_tid=[6308]}, 88) = 6308 [pid 6308] <... rseq resumed>) = 0 [pid 6306] rt_sigprocmask(SIG_SETMASK, [], [pid 6308] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6308] <... set_robust_list resumed>) = 0 [pid 6306] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] rt_sigprocmask(SIG_SETMASK, [], [pid 6306] <... futex resumed>) = 0 [pid 6308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6308] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6306] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6306] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6307] <... ioctl resumed>) = 0 [pid 6308] <... openat resumed>) = 5 [pid 6308] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6307] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = 0 [pid 6307] <... futex resumed>) = 0 [pid 6306] <... mmap resumed>) = 0x7f8a95dee000 [pid 6308] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6307] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6306] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6309 attached => {parent_tid=[6309]}, 88) = 6309 [pid 6309] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6306] rt_sigprocmask(SIG_SETMASK, [], [pid 6309] <... rseq resumed>) = 0 [pid 6306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6309] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6306] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... set_robust_list resumed>) = 0 [pid 6309] rt_sigprocmask(SIG_SETMASK, [], [pid 6306] <... futex resumed>) = 0 [pid 6309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6306] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6309] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6309] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6306] <... futex resumed>) = 0 [pid 6306] exit_group(0 [pid 6309] <... futex resumed>) = ? [pid 6308] <... futex resumed>) = ? [pid 6307] <... futex resumed>) = ? [pid 6306] <... exit_group resumed>) = ? [pid 6309] +++ exited with 0 +++ [pid 6308] +++ exited with 0 +++ [pid 6307] +++ exited with 0 +++ [pid 6306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6306, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 216.396610][ T37] audit: type=1800 audit(1753855686.240:140): pid=6308 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=283 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 umount2("./140/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./140/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6310 attached [pid 6310] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6310 [pid 6310] chdir("./141") = 0 [pid 6310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6310] setpgid(0, 0) = 0 [pid 6310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6310] write(3, "1000", 4) = 4 [pid 6310] close(3) = 0 [pid 6310] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6310] write(1, "executing program\n", 18) = 18 [pid 6310] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6310] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6310] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6310] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6310] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6311 attached [pid 6311] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6310] <... clone3 resumed> => {parent_tid=[6311]}, 88) = 6311 [pid 6311] <... rseq resumed>) = 0 [pid 6311] set_robust_list(0x7f8a95e509a0, 24 [pid 6310] rt_sigprocmask(SIG_SETMASK, [], [pid 6311] <... set_robust_list resumed>) = 0 [pid 6310] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6311] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6310] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6310] <... futex resumed>) = 0 [pid 6311] memfd_create("syzkaller", 0 [pid 6310] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6311] <... memfd_create resumed>) = 3 [pid 6311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6311] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6311] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6311] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6311] close(3) = 0 [pid 6311] close(4) = 0 [pid 6311] mkdir("./file2", 0777) = 0 [pid 6311] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6311] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6311] chdir("./file2") = 0 [pid 6311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6311] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] <... futex resumed>) = 0 [pid 6311] <... futex resumed>) = 1 [pid 6310] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6310] <... futex resumed>) = 0 [pid 6310] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6311] <... openat resumed>) = 4 [ 216.991944][ T6311] loop0: detected capacity change from 0 to 256 [pid 6311] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6310] <... futex resumed>) = 0 [pid 6311] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6310] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] <... futex resumed>) = 0 [pid 6311] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6310] <... futex resumed>) = 1 [ 217.033845][ T6311] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6310] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6310] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6310] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6310] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6312 attached => {parent_tid=[6312]}, 88) = 6312 [pid 6312] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6310] rt_sigprocmask(SIG_SETMASK, [], [pid 6312] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6310] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6312] <... set_robust_list resumed>) = 0 [pid 6310] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] rt_sigprocmask(SIG_SETMASK, [], [pid 6310] <... futex resumed>) = 0 [pid 6312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6310] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6312] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6310] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6310] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6310] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6310] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6312] <... openat resumed>) = 5 [pid 6311] <... ioctl resumed>) = 0 [pid 6310] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6312] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6312] <... futex resumed>) = 0 [pid 6310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0} [pid 6312] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6311] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6313 attached ) = 0 [pid 6313] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6311] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6313] <... rseq resumed>) = 0 [pid 6310] <... clone3 resumed> => {parent_tid=[6313]}, 88) = 6313 [pid 6313] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6310] rt_sigprocmask(SIG_SETMASK, [], [pid 6313] <... set_robust_list resumed>) = 0 [pid 6310] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6313] rt_sigprocmask(SIG_SETMASK, [], [pid 6310] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6310] <... futex resumed>) = 0 [pid 6313] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6310] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6313] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6313] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6310] <... futex resumed>) = 0 [pid 6313] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6310] exit_group(0 [pid 6313] <... futex resumed>) = ? [pid 6312] <... futex resumed>) = ? [pid 6313] +++ exited with 0 +++ [pid 6312] +++ exited with 0 +++ [pid 6311] <... futex resumed>) = ? [pid 6310] <... exit_group resumed>) = ? [pid 6311] +++ exited with 0 +++ [pid 6310] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6310, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./141", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 217.256420][ T37] audit: type=1800 audit(1753855687.100:141): pid=6312 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=285 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 umount2("./141/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./141/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6314 attached [pid 6314] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6314 [pid 6314] <... set_robust_list resumed>) = 0 [pid 6314] chdir("./142") = 0 [pid 6314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6314] setpgid(0, 0) = 0 [pid 6314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6314] write(3, "1000", 4) = 4 [pid 6314] close(3) = 0 [pid 6314] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6314] write(1, "executing program\n", 18) = 18 [pid 6314] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6314] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6314] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6315 attached [pid 6315] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6315] set_robust_list(0x7f8a95e509a0, 24 [pid 6314] <... clone3 resumed> => {parent_tid=[6315]}, 88) = 6315 [pid 6315] <... set_robust_list resumed>) = 0 [pid 6314] rt_sigprocmask(SIG_SETMASK, [], [pid 6315] rt_sigprocmask(SIG_SETMASK, [], [pid 6314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6314] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] memfd_create("syzkaller", 0 [pid 6314] <... futex resumed>) = 0 [pid 6314] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6315] <... memfd_create resumed>) = 3 [pid 6315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6315] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6315] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6315] close(3) = 0 [pid 6315] close(4) = 0 [pid 6315] mkdir("./file2", 0777) = 0 [pid 6315] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6315] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6315] chdir("./file2") = 0 [pid 6315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6315] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6314] <... futex resumed>) = 0 [pid 6315] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6314] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6314] <... futex resumed>) = 0 [pid 6314] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6315] <... openat resumed>) = 4 [ 217.839423][ T6315] loop0: detected capacity change from 0 to 256 [ 217.874532][ T6315] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6315] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6314] <... futex resumed>) = 0 [pid 6314] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6314] <... futex resumed>) = 0 [pid 6314] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6314] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6314] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6316 attached [pid 6316] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6314] <... clone3 resumed> => {parent_tid=[6316]}, 88) = 6316 [pid 6316] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6314] rt_sigprocmask(SIG_SETMASK, [], [pid 6316] <... set_robust_list resumed>) = 0 [pid 6314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6316] rt_sigprocmask(SIG_SETMASK, [], [pid 6314] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6314] <... futex resumed>) = 0 [pid 6316] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6314] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6314] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6314] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 6316] <... openat resumed>) = 5 [pid 6315] <... ioctl resumed>) = 0 [pid 6316] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] <... mprotect resumed>) = 0 [pid 6316] <... futex resumed>) = 0 [pid 6315] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6316] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6317 attached [pid 6317] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6314] <... clone3 resumed> => {parent_tid=[6317]}, 88) = 6317 [pid 6317] <... rseq resumed>) = 0 [pid 6314] rt_sigprocmask(SIG_SETMASK, [], [pid 6317] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6317] <... set_robust_list resumed>) = 0 [pid 6317] rt_sigprocmask(SIG_SETMASK, [], [pid 6314] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6317] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6317] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6314] <... futex resumed>) = 0 [pid 6317] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6314] exit_group(0 [pid 6317] <... futex resumed>) = ? [pid 6315] <... futex resumed>) = ? [pid 6316] <... futex resumed>) = ? [pid 6314] <... exit_group resumed>) = ? [pid 6317] +++ exited with 0 +++ [pid 6315] +++ exited with 0 +++ [pid 6316] +++ exited with 0 +++ [pid 6314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6314, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./142", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 218.116471][ T37] audit: type=1800 audit(1753855687.960:142): pid=6316 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=287 res=0 errno=0 umount2("./142/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 umount2("./142/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./142/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6318 ./strace-static-x86_64: Process 6318 attached [pid 6318] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6318] chdir("./143") = 0 [pid 6318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6318] setpgid(0, 0) = 0 [pid 6318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6318] write(3, "1000", 4) = 4 [pid 6318] close(3) = 0 [pid 6318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6318] write(1, "executing program\n", 18executing program ) = 18 [pid 6318] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6318] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6318] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6319 attached [pid 6319] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6318] <... clone3 resumed> => {parent_tid=[6319]}, 88) = 6319 [pid 6319] <... rseq resumed>) = 0 [pid 6318] rt_sigprocmask(SIG_SETMASK, [], [pid 6319] set_robust_list(0x7f8a95e509a0, 24 [pid 6318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6319] <... set_robust_list resumed>) = 0 [pid 6318] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6318] <... futex resumed>) = 0 [pid 6319] memfd_create("syzkaller", 0 [pid 6318] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6319] <... memfd_create resumed>) = 3 [pid 6319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6319] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6319] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6319] close(3) = 0 [pid 6319] close(4) = 0 [pid 6319] mkdir("./file2", 0777) = 0 [pid 6319] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6319] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6319] chdir("./file2") = 0 [pid 6319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6319] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6319] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6318] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6319] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6319] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] <... futex resumed>) = 0 [pid 6319] <... futex resumed>) = 1 [pid 6318] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6318] <... futex resumed>) = 0 [ 218.638168][ T6319] loop0: detected capacity change from 0 to 256 [pid 6318] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6318] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 218.678541][ T6319] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6318] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6320 attached => {parent_tid=[6320]}, 88) = 6320 [pid 6320] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6318] rt_sigprocmask(SIG_SETMASK, [], [pid 6320] <... rseq resumed>) = 0 [pid 6320] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6320] <... set_robust_list resumed>) = 0 [pid 6318] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6320] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6318] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6318] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6318] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 6319] <... ioctl resumed>) = 0 [pid 6318] <... mprotect resumed>) = 0 [pid 6319] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6320] <... openat resumed>) = 5 [pid 6318] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6319] <... futex resumed>) = 0 [pid 6318] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6319] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6321 attached [pid 6321] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6320] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6318] <... clone3 resumed> => {parent_tid=[6321]}, 88) = 6321 [pid 6321] <... set_robust_list resumed>) = 0 [pid 6318] rt_sigprocmask(SIG_SETMASK, [], [pid 6321] rt_sigprocmask(SIG_SETMASK, [], [pid 6318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6318] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6318] <... futex resumed>) = 0 [pid 6321] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6318] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6320] <... futex resumed>) = 0 [pid 6321] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6321] <... futex resumed>) = 0 [pid 6321] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] exit_group(0 [pid 6321] <... futex resumed>) = ? [pid 6319] <... futex resumed>) = ? [pid 6318] <... exit_group resumed>) = ? [pid 6319] +++ exited with 0 +++ [pid 6321] +++ exited with 0 +++ [pid 6320] +++ exited with 0 +++ [pid 6318] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6318, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 218.867519][ T37] audit: type=1800 audit(1753855688.710:143): pid=6320 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=289 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./143/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 umount2("./143/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./143/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6322 attached [pid 6322] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6322] chdir("./144" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6322 [pid 6322] <... chdir resumed>) = 0 [pid 6322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6322] setpgid(0, 0) = 0 [pid 6322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6322] write(3, "1000", 4) = 4 [pid 6322] close(3) = 0 [pid 6322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6322] write(1, "executing program\n", 18executing program ) = 18 [pid 6322] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6322] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6322] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6322] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6323 attached [pid 6323] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6322] <... clone3 resumed> => {parent_tid=[6323]}, 88) = 6323 [pid 6323] <... rseq resumed>) = 0 [pid 6323] set_robust_list(0x7f8a95e509a0, 24 [pid 6322] rt_sigprocmask(SIG_SETMASK, [], [pid 6323] <... set_robust_list resumed>) = 0 [pid 6322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6322] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] rt_sigprocmask(SIG_SETMASK, [], [pid 6322] <... futex resumed>) = 0 [pid 6323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6322] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6323] memfd_create("syzkaller", 0) = 3 [pid 6323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6323] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6323] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6323] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6323] close(3) = 0 [pid 6323] close(4) = 0 [pid 6323] mkdir("./file2", 0777) = 0 [pid 6323] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6323] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6323] chdir("./file2") = 0 [pid 6323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6323] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6322] <... futex resumed>) = 0 [pid 6323] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6322] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6322] <... futex resumed>) = 0 [pid 6323] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6322] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6323] <... openat resumed>) = 4 [ 219.393140][ T6323] loop0: detected capacity change from 0 to 256 [pid 6323] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6322] <... futex resumed>) = 0 [pid 6323] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6322] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] <... futex resumed>) = 0 [pid 6322] <... futex resumed>) = 1 [pid 6323] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 219.429700][ T6323] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6322] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6322] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6322] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6324 attached => {parent_tid=[6324]}, 88) = 6324 [pid 6322] rt_sigprocmask(SIG_SETMASK, [], [pid 6324] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6324] <... rseq resumed>) = 0 [pid 6322] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6324] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6322] <... futex resumed>) = 0 [pid 6324] <... set_robust_list resumed>) = 0 [pid 6322] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6324] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6323] <... ioctl resumed>) = 0 [pid 6324] <... openat resumed>) = 5 [pid 6323] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6324] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6324] <... futex resumed>) = 1 [pid 6322] <... futex resumed>) = 0 [pid 6324] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6322] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] <... futex resumed>) = 0 [pid 6322] <... futex resumed>) = 1 [pid 6323] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6322] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6323] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6323] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6322] <... futex resumed>) = 0 [pid 6322] exit_group(0 [pid 6323] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6324] <... futex resumed>) = ? [pid 6322] <... exit_group resumed>) = ? [pid 6324] +++ exited with 0 +++ [pid 6323] <... futex resumed>) = ? [pid 6323] +++ exited with 0 +++ [pid 6322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6322, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./144", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 219.606711][ T37] audit: type=1800 audit(1753855689.450:144): pid=6324 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=291 res=0 errno=0 newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 umount2("./144/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./144/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6325 attached [pid 6325] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6325] chdir("./145" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6325 [pid 6325] <... chdir resumed>) = 0 [pid 6325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6325] setpgid(0, 0) = 0 [pid 6325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6325] write(3, "1000", 4) = 4 [pid 6325] close(3) = 0 [pid 6325] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6325] write(1, "executing program\n", 18) = 18 [pid 6325] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6325] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6325] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6325] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6326 attached => {parent_tid=[6326]}, 88) = 6326 [pid 6326] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6326] <... rseq resumed>) = 0 [pid 6325] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6326] set_robust_list(0x7f8a95e509a0, 24 [pid 6325] <... futex resumed>) = 0 [pid 6326] <... set_robust_list resumed>) = 0 [pid 6325] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6326] memfd_create("syzkaller", 0) = 3 [pid 6326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6326] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6326] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6326] close(3) = 0 [pid 6326] close(4) = 0 [pid 6326] mkdir("./file2", 0777) = 0 [pid 6326] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6326] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6326] chdir("./file2") = 0 [pid 6326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 220.136346][ T6326] loop0: detected capacity change from 0 to 256 [ 220.173785][ T6326] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6326] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6326] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6325] <... futex resumed>) = 0 [pid 6326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6325] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6326] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6325] <... futex resumed>) = 0 [pid 6325] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6326] <... openat resumed>) = 4 [pid 6326] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6325] <... futex resumed>) = 0 [pid 6326] <... futex resumed>) = 1 [pid 6325] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6326] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6325] <... futex resumed>) = 0 [pid 6325] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6325] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6325] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6327 attached [pid 6327] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6325] <... clone3 resumed> => {parent_tid=[6327]}, 88) = 6327 [pid 6327] <... rseq resumed>) = 0 [pid 6325] rt_sigprocmask(SIG_SETMASK, [], [pid 6327] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6327] <... set_robust_list resumed>) = 0 [pid 6325] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6327] rt_sigprocmask(SIG_SETMASK, [], [pid 6325] <... futex resumed>) = 0 [pid 6327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6325] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6327] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6326] <... ioctl resumed>) = 0 [pid 6327] <... openat resumed>) = 5 [pid 6327] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6326] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] <... futex resumed>) = 1 [pid 6325] <... futex resumed>) = 0 [pid 6327] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6325] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6325] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6326] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6326] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6325] <... futex resumed>) = 0 [pid 6326] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6325] exit_group(0 [pid 6327] <... futex resumed>) = ? [pid 6326] <... futex resumed>) = ? [pid 6325] <... exit_group resumed>) = ? [pid 6327] +++ exited with 0 +++ [pid 6326] +++ exited with 0 +++ [pid 6325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6325, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 220.386716][ T37] audit: type=1800 audit(1753855690.230:145): pid=6327 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=293 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 umount2("./145/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./145/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6328 attached [pid 6328] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6328 [pid 6328] chdir("./146") = 0 [pid 6328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6328] setpgid(0, 0) = 0 [pid 6328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6328] write(3, "1000", 4) = 4 [pid 6328] close(3) = 0 [pid 6328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6328] write(1, "executing program\n", 18executing program ) = 18 [pid 6328] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6328] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6329 attached => {parent_tid=[6329]}, 88) = 6329 [pid 6329] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6329] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6328] rt_sigprocmask(SIG_SETMASK, [], [pid 6329] rt_sigprocmask(SIG_SETMASK, [], [pid 6328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6329] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6328] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6329] memfd_create("syzkaller", 0) = 3 [pid 6329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6329] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6329] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6329] close(3) = 0 [pid 6329] close(4) = 0 [pid 6329] mkdir("./file2", 0777) = 0 [pid 6329] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6329] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6329] chdir("./file2") = 0 [pid 6329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 220.916273][ T6329] loop0: detected capacity change from 0 to 256 [pid 6329] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] <... futex resumed>) = 0 [pid 6329] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6328] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6329] <... openat resumed>) = 4 [pid 6328] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6329] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] <... futex resumed>) = 0 [pid 6329] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6328] <... futex resumed>) = 0 [pid 6329] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 220.958645][ T6329] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6328] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6328] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6328] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6330 attached => {parent_tid=[6330]}, 88) = 6330 [pid 6330] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6328] rt_sigprocmask(SIG_SETMASK, [], [pid 6330] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6328] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6330] <... set_robust_list resumed>) = 0 [pid 6328] <... futex resumed>) = 0 [pid 6330] rt_sigprocmask(SIG_SETMASK, [], [pid 6328] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6330] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6328] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6328] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6328] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6328] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6330] <... openat resumed>) = 5 [pid 6329] <... ioctl resumed>) = 0 [pid 6328] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6329] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0} [pid 6330] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6331 attached [pid 6330] <... futex resumed>) = 0 [pid 6329] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] <... clone3 resumed> => {parent_tid=[6331]}, 88) = 6331 [pid 6331] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6328] rt_sigprocmask(SIG_SETMASK, [], [pid 6331] <... rseq resumed>) = 0 [pid 6328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6328] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6328] <... futex resumed>) = 0 [pid 6331] <... set_robust_list resumed>) = 0 [pid 6328] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6331] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6331] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] <... futex resumed>) = 0 [pid 6331] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] exit_group(0 [pid 6329] <... futex resumed>) = ? [pid 6328] <... exit_group resumed>) = ? [pid 6331] <... futex resumed>) = ? [pid 6330] +++ exited with 0 +++ [pid 6329] +++ exited with 0 +++ [pid 6331] +++ exited with 0 +++ [pid 6328] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6328, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./146", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 221.206381][ T37] audit: type=1800 audit(1753855691.050:146): pid=6330 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=295 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./146/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/binderfs") = 0 umount2("./146/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./146/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6332 attached , child_tidptr=0x55555c67f690) = 6332 [pid 6332] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6332] chdir("./147") = 0 [pid 6332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6332] setpgid(0, 0) = 0 [pid 6332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6332] write(3, "1000", 4) = 4 [pid 6332] close(3) = 0 [pid 6332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6332] write(1, "executing program\n", 18executing program ) = 18 [pid 6332] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6332] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6332] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6332] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6333 attached [pid 6333] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6333] set_robust_list(0x7f8a95e509a0, 24 [pid 6332] <... clone3 resumed> => {parent_tid=[6333]}, 88) = 6333 [pid 6333] <... set_robust_list resumed>) = 0 [pid 6332] rt_sigprocmask(SIG_SETMASK, [], [pid 6333] rt_sigprocmask(SIG_SETMASK, [], [pid 6332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6332] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] memfd_create("syzkaller", 0 [pid 6332] <... futex resumed>) = 0 [pid 6333] <... memfd_create resumed>) = 3 [pid 6332] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6333] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6333] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6333] close(3) = 0 [pid 6333] close(4) = 0 [pid 6333] mkdir("./file2", 0777) = 0 [pid 6333] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6333] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6333] chdir("./file2") = 0 [pid 6333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6333] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6332] <... futex resumed>) = 0 [pid 6332] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] <... futex resumed>) = 0 [pid 6333] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6332] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] <... openat resumed>) = 4 [pid 6333] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6332] <... futex resumed>) = 0 [pid 6333] <... futex resumed>) = 1 [pid 6332] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6332] <... futex resumed>) = 0 [ 221.733702][ T6333] loop0: detected capacity change from 0 to 256 [pid 6332] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6332] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 221.787686][ T6333] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6332] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6334 attached [pid 6334] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6332] <... clone3 resumed> => {parent_tid=[6334]}, 88) = 6334 [pid 6334] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6332] rt_sigprocmask(SIG_SETMASK, [], [pid 6334] <... set_robust_list resumed>) = 0 [pid 6332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6334] rt_sigprocmask(SIG_SETMASK, [], [pid 6332] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6332] <... futex resumed>) = 0 [pid 6334] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6332] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6332] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6332] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6332] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6334] <... openat resumed>) = 5 [pid 6333] <... ioctl resumed>) = 0 [pid 6333] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6332] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6334] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] <... futex resumed>) = 0 [pid 6332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0} [pid 6334] <... futex resumed>) = 0 [pid 6333] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6335 attached [pid 6334] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6335] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6332] <... clone3 resumed> => {parent_tid=[6335]}, 88) = 6335 [pid 6335] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6332] rt_sigprocmask(SIG_SETMASK, [], [pid 6335] <... set_robust_list resumed>) = 0 [pid 6332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6335] rt_sigprocmask(SIG_SETMASK, [], [pid 6332] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6332] <... futex resumed>) = 0 [pid 6335] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6332] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6335] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6335] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6335] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6332] <... futex resumed>) = 0 [pid 6332] exit_group(0 [pid 6335] <... futex resumed>) = ? [pid 6334] <... futex resumed>) = ? [pid 6333] <... futex resumed>) = ? [pid 6332] <... exit_group resumed>) = ? [pid 6335] +++ exited with 0 +++ [pid 6334] +++ exited with 0 +++ [pid 6333] +++ exited with 0 +++ [pid 6332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6332, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./147", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 221.986587][ T37] audit: type=1800 audit(1753855691.830:147): pid=6334 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=297 res=0 errno=0 openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./147/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/binderfs") = 0 umount2("./147/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./147/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./147/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6336 attached , child_tidptr=0x55555c67f690) = 6336 [pid 6336] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6336] chdir("./148") = 0 [pid 6336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6336] setpgid(0, 0) = 0 [pid 6336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6336] write(3, "1000", 4) = 4 [pid 6336] close(3) = 0 [pid 6336] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6336] write(1, "executing program\n", 18) = 18 [pid 6336] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6336] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6336] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6336] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6337 attached [pid 6337] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6336] <... clone3 resumed> => {parent_tid=[6337]}, 88) = 6337 [pid 6337] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6336] rt_sigprocmask(SIG_SETMASK, [], [pid 6337] rt_sigprocmask(SIG_SETMASK, [], [pid 6336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6337] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6336] <... futex resumed>) = 0 [pid 6336] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6337] memfd_create("syzkaller", 0) = 3 [pid 6337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6337] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6337] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6337] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6337] close(3) = 0 [pid 6337] close(4) = 0 [pid 6337] mkdir("./file2", 0777) = 0 [pid 6337] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6337] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6337] chdir("./file2") = 0 [pid 6337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6337] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6336] <... futex resumed>) = 0 [pid 6337] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6336] <... futex resumed>) = 0 [pid 6337] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6336] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6337] <... openat resumed>) = 4 [pid 6337] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6336] <... futex resumed>) = 0 [pid 6337] <... futex resumed>) = 1 [pid 6336] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6336] <... futex resumed>) = 0 [ 222.564081][ T6337] loop0: detected capacity change from 0 to 256 [ 222.589601][ T6337] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6336] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6336] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6336] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6336] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6338 attached [pid 6338] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6338] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6336] <... clone3 resumed> => {parent_tid=[6338]}, 88) = 6338 [pid 6338] <... set_robust_list resumed>) = 0 [pid 6338] rt_sigprocmask(SIG_SETMASK, [], [pid 6336] rt_sigprocmask(SIG_SETMASK, [], [pid 6338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6338] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6336] <... futex resumed>) = 0 [pid 6338] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6336] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6337] <... ioctl resumed>) = 0 [pid 6338] <... openat resumed>) = 5 [pid 6337] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6338] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6337] <... futex resumed>) = 0 [pid 6336] <... futex resumed>) = 0 [pid 6337] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6337] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6336] <... futex resumed>) = 0 [pid 6337] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6336] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6337] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6336] <... futex resumed>) = 0 [pid 6336] exit_group(0 [pid 6337] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6336] <... exit_group resumed>) = ? [pid 6337] +++ exited with 0 +++ [pid 6338] <... futex resumed>) = ? [pid 6338] +++ exited with 0 +++ [pid 6336] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6336, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 222.776675][ T37] audit: type=1800 audit(1753855692.620:148): pid=6338 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=299 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./148/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/binderfs") = 0 umount2("./148/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./148/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./148/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6339 ./strace-static-x86_64: Process 6339 attached [pid 6339] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6339] chdir("./149") = 0 [pid 6339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6339] setpgid(0, 0) = 0 [pid 6339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6339] write(3, "1000", 4) = 4 [pid 6339] close(3) = 0 [pid 6339] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6339] write(1, "executing program\n", 18) = 18 [pid 6339] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6339] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6340 attached [pid 6340] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6339] <... clone3 resumed> => {parent_tid=[6340]}, 88) = 6340 [pid 6340] set_robust_list(0x7f8a95e509a0, 24 [pid 6339] rt_sigprocmask(SIG_SETMASK, [], [pid 6340] <... set_robust_list resumed>) = 0 [pid 6339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6340] rt_sigprocmask(SIG_SETMASK, [], [pid 6339] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6339] <... futex resumed>) = 0 [pid 6340] memfd_create("syzkaller", 0 [pid 6339] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6340] <... memfd_create resumed>) = 3 [pid 6340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6340] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6340] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6340] close(3) = 0 [pid 6340] close(4) = 0 [pid 6340] mkdir("./file2", 0777) = 0 [pid 6340] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6340] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6340] chdir("./file2") = 0 [pid 6340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6340] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6339] <... futex resumed>) = 0 [pid 6340] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6339] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6340] <... openat resumed>) = 4 [pid 6340] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6339] <... futex resumed>) = 0 [pid 6340] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6339] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6339] <... futex resumed>) = 0 [pid 6340] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 223.267518][ T6340] loop0: detected capacity change from 0 to 256 [ 223.304648][ T6340] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6339] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6339] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6339] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6341 attached [pid 6341] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6341] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6339] <... clone3 resumed> => {parent_tid=[6341]}, 88) = 6341 [pid 6341] <... set_robust_list resumed>) = 0 [pid 6339] rt_sigprocmask(SIG_SETMASK, [], [pid 6341] rt_sigprocmask(SIG_SETMASK, [], [pid 6339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6341] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6339] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6340] <... ioctl resumed>) = 0 [pid 6341] <... openat resumed>) = 5 [pid 6340] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6340] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6341] <... futex resumed>) = 1 [pid 6339] <... futex resumed>) = 0 [pid 6341] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6339] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6340] <... futex resumed>) = 0 [pid 6339] <... futex resumed>) = 1 [pid 6340] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6339] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6340] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6340] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6339] <... futex resumed>) = 0 [pid 6340] <... futex resumed>) = 1 [pid 6339] exit_group(0 [pid 6340] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6341] <... futex resumed>) = ? [pid 6340] <... futex resumed>) = ? [pid 6339] <... exit_group resumed>) = ? [pid 6340] +++ exited with 0 +++ [pid 6341] +++ exited with 0 +++ [pid 6339] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6339, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./149", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 223.496681][ T37] audit: type=1800 audit(1753855693.340:149): pid=6341 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=301 res=0 errno=0 umount2("./149/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/binderfs") = 0 umount2("./149/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./149/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./149/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6342 attached [pid 6342] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6342] chdir("./150" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6342 [pid 6342] <... chdir resumed>) = 0 [pid 6342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6342] setpgid(0, 0) = 0 [pid 6342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6342] write(3, "1000", 4) = 4 [pid 6342] close(3) = 0 [pid 6342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6342] write(1, "executing program\n", 18executing program ) = 18 [pid 6342] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6342] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6342] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6343 attached => {parent_tid=[6343]}, 88) = 6343 [pid 6343] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6342] rt_sigprocmask(SIG_SETMASK, [], [pid 6343] set_robust_list(0x7f8a95e509a0, 24 [pid 6342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6343] <... set_robust_list resumed>) = 0 [pid 6342] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6342] <... futex resumed>) = 0 [pid 6343] memfd_create("syzkaller", 0 [pid 6342] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6343] <... memfd_create resumed>) = 3 [pid 6343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6343] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6343] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6343] close(3) = 0 [pid 6343] close(4) = 0 [pid 6343] mkdir("./file2", 0777) = 0 [pid 6343] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6343] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6343] chdir("./file2") = 0 [pid 6343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6343] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6343] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6342] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] <... openat resumed>) = 4 [pid 6343] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6342] <... futex resumed>) = 0 [ 224.030772][ T6343] loop0: detected capacity change from 0 to 256 [ 224.069169][ T6343] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6342] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6342] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6342] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6344 attached [pid 6344] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6342] <... clone3 resumed> => {parent_tid=[6344]}, 88) = 6344 [pid 6344] <... rseq resumed>) = 0 [pid 6344] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6342] rt_sigprocmask(SIG_SETMASK, [], [pid 6344] <... set_robust_list resumed>) = 0 [pid 6342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6344] rt_sigprocmask(SIG_SETMASK, [], [pid 6342] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6344] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] <... ioctl resumed>) = 0 [pid 6344] <... openat resumed>) = 5 [pid 6344] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6342] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6344] <... futex resumed>) = 0 [pid 6344] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6343] <... futex resumed>) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 6343] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6343] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6342] exit_group(0 [pid 6343] exit_group(0 [pid 6344] <... futex resumed>) = ? [pid 6343] +++ exited with 0 +++ [pid 6342] <... exit_group resumed>) = ? [pid 6344] +++ exited with 0 +++ [pid 6342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6342, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 224.227019][ T37] audit: type=1800 audit(1753855694.070:150): pid=6344 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=303 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./150/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/binderfs") = 0 umount2("./150/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./150/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./150/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6345 ./strace-static-x86_64: Process 6345 attached [pid 6345] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6345] chdir("./151") = 0 [pid 6345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6345] setpgid(0, 0) = 0 [pid 6345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6345] write(3, "1000", 4) = 4 [pid 6345] close(3) = 0 [pid 6345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6345] write(1, "executing program\n", 18executing program ) = 18 [pid 6345] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6345] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6345] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6345] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6346 attached [pid 6346] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6345] <... clone3 resumed> => {parent_tid=[6346]}, 88) = 6346 [pid 6346] set_robust_list(0x7f8a95e509a0, 24 [pid 6345] rt_sigprocmask(SIG_SETMASK, [], [pid 6346] <... set_robust_list resumed>) = 0 [pid 6345] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6346] rt_sigprocmask(SIG_SETMASK, [], [pid 6345] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6345] <... futex resumed>) = 0 [pid 6346] memfd_create("syzkaller", 0 [pid 6345] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6346] <... memfd_create resumed>) = 3 [pid 6346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6346] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6346] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6346] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6346] close(3) = 0 [pid 6346] close(4) = 0 [pid 6346] mkdir("./file2", 0777) = 0 [pid 6346] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6346] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6346] chdir("./file2") = 0 [pid 6346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6346] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6345] <... futex resumed>) = 0 [pid 6346] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6345] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6345] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6346] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6346] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6345] <... futex resumed>) = 0 [pid 6346] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6345] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 224.678208][ T6346] loop0: detected capacity change from 0 to 256 [ 224.708338][ T6346] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6345] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6345] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6345] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6345] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6347 attached => {parent_tid=[6347]}, 88) = 6347 [pid 6347] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6347] <... rseq resumed>) = 0 [pid 6347] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6345] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] rt_sigprocmask(SIG_SETMASK, [], [pid 6345] <... futex resumed>) = 0 [pid 6347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6345] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200) = 5 [pid 6346] <... ioctl resumed>) = 0 [pid 6347] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6345] <... futex resumed>) = 0 [pid 6347] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6345] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6345] <... futex resumed>) = 0 [pid 6347] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6345] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6347] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6345] <... futex resumed>) = 0 [pid 6347] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6346] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6346] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6345] exit_group(0 [pid 6347] <... futex resumed>) = ? [pid 6346] <... futex resumed>) = ? [pid 6345] <... exit_group resumed>) = ? [pid 6347] +++ exited with 0 +++ [pid 6346] +++ exited with 0 +++ [pid 6345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6345, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./151", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./151/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 224.846430][ T37] audit: type=1800 audit(1753855694.690:151): pid=6347 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=305 res=0 errno=0 newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/binderfs") = 0 umount2("./151/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./151/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./151/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6348 attached , child_tidptr=0x55555c67f690) = 6348 [pid 6348] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6348] chdir("./152") = 0 [pid 6348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6348] setpgid(0, 0) = 0 [pid 6348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6348] write(3, "1000", 4) = 4 [pid 6348] close(3) = 0 [pid 6348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6348] write(1, "executing program\n", 18executing program ) = 18 [pid 6348] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6348] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6348] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6349 attached [pid 6349] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6348] <... clone3 resumed> => {parent_tid=[6349]}, 88) = 6349 [pid 6349] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6348] rt_sigprocmask(SIG_SETMASK, [], [pid 6349] rt_sigprocmask(SIG_SETMASK, [], [pid 6348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6348] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] memfd_create("syzkaller", 0) = 3 [pid 6348] <... futex resumed>) = 0 [pid 6349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6348] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6349] <... mmap resumed>) = 0x7f8a8da30000 [pid 6349] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6349] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6349] close(3) = 0 [pid 6349] close(4) = 0 [pid 6349] mkdir("./file2", 0777) = 0 [pid 6349] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6349] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6349] chdir("./file2") = 0 [pid 6349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6349] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6349] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6348] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] <... openat resumed>) = 4 [pid 6349] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6349] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] <... futex resumed>) = 0 [pid 6348] <... futex resumed>) = 1 [ 225.402336][ T6349] loop0: detected capacity change from 0 to 256 [pid 6348] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6348] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 225.446765][ T6349] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6348] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6348] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6350 attached => {parent_tid=[6350]}, 88) = 6350 [pid 6348] rt_sigprocmask(SIG_SETMASK, [], [pid 6350] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6350] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6350] <... set_robust_list resumed>) = 0 [pid 6348] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6348] <... futex resumed>) = 0 [pid 6350] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6348] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] <... ioctl resumed>) = 0 [pid 6350] <... openat resumed>) = 5 [pid 6349] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6350] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6350] <... futex resumed>) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6350] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6349] <... futex resumed>) = 0 [pid 6348] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6349] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6349] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] exit_group(0 [pid 6350] <... futex resumed>) = ? [pid 6349] <... futex resumed>) = ? [pid 6348] <... exit_group resumed>) = ? [pid 6350] +++ exited with 0 +++ [pid 6349] +++ exited with 0 +++ [pid 6348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6348, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./152", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 225.626866][ T37] audit: type=1800 audit(1753855695.470:152): pid=6350 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=307 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./152/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/binderfs") = 0 umount2("./152/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./152/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./152/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6351 attached [pid 6351] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6351 [pid 6351] chdir("./153") = 0 [pid 6351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6351] setpgid(0, 0) = 0 [pid 6351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6351] write(3, "1000", 4) = 4 [pid 6351] close(3) = 0 [pid 6351] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6351] write(1, "executing program\n", 18) = 18 [pid 6351] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6351] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6351] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6352 attached [pid 6352] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6351] <... clone3 resumed> => {parent_tid=[6352]}, 88) = 6352 [pid 6352] <... rseq resumed>) = 0 [pid 6351] rt_sigprocmask(SIG_SETMASK, [], [pid 6352] set_robust_list(0x7f8a95e509a0, 24 [pid 6351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6352] <... set_robust_list resumed>) = 0 [pid 6352] rt_sigprocmask(SIG_SETMASK, [], [pid 6351] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6351] <... futex resumed>) = 0 [pid 6352] memfd_create("syzkaller", 0 [pid 6351] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6352] <... memfd_create resumed>) = 3 [pid 6352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6352] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6352] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6352] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6352] close(3) = 0 [pid 6352] close(4) = 0 [pid 6352] mkdir("./file2", 0777) = 0 [pid 6352] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6352] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6352] chdir("./file2") = 0 [pid 6352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6352] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6351] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6351] <... futex resumed>) = 0 [pid 6351] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6352] <... openat resumed>) = 4 [pid 6352] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6352] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6351] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 226.212685][ T6352] loop0: detected capacity change from 0 to 256 [ 226.241414][ T6352] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6351] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6351] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6351] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6351] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6353 attached [pid 6353] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6351] <... clone3 resumed> => {parent_tid=[6353]}, 88) = 6353 [pid 6351] rt_sigprocmask(SIG_SETMASK, [], [pid 6353] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6353] <... set_robust_list resumed>) = 0 [pid 6353] rt_sigprocmask(SIG_SETMASK, [], [pid 6351] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6351] <... futex resumed>) = 0 [pid 6353] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6351] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6351] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6353] <... openat resumed>) = 5 [pid 6352] <... ioctl resumed>) = 0 [pid 6353] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6353] <... futex resumed>) = 0 [pid 6352] <... futex resumed>) = 0 [pid 6351] <... mmap resumed>) = 0x7f8a95dee000 [pid 6353] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6352] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6354 attached [pid 6354] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6354] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 6351] <... clone3 resumed> => {parent_tid=[6354]}, 88) = 6354 [pid 6354] rt_sigprocmask(SIG_SETMASK, [], [pid 6351] rt_sigprocmask(SIG_SETMASK, [], [pid 6354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6354] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6351] <... futex resumed>) = 0 [pid 6354] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6351] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6354] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6354] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6354] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] exit_group(0) = ? [pid 6354] <... futex resumed>) = ? [pid 6353] <... futex resumed>) = ? [pid 6352] <... futex resumed>) = ? [pid 6354] +++ exited with 0 +++ [pid 6353] +++ exited with 0 +++ [pid 6352] +++ exited with 0 +++ [pid 6351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6351, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./153", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 226.456597][ T37] audit: type=1800 audit(1753855696.300:153): pid=6353 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=309 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./153/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/binderfs") = 0 umount2("./153/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./153/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./153/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6355 attached [pid 6355] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6355 [pid 6355] chdir("./154") = 0 [pid 6355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6355] setpgid(0, 0) = 0 [pid 6355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6355] write(3, "1000", 4) = 4 [pid 6355] close(3) = 0 [pid 6355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6355] write(1, "executing program\n", 18executing program ) = 18 [pid 6355] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6355] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6355] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6356 attached [pid 6356] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6355] <... clone3 resumed> => {parent_tid=[6356]}, 88) = 6356 [pid 6356] <... rseq resumed>) = 0 [pid 6355] rt_sigprocmask(SIG_SETMASK, [], [pid 6356] set_robust_list(0x7f8a95e509a0, 24 [pid 6355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6356] <... set_robust_list resumed>) = 0 [pid 6355] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6356] rt_sigprocmask(SIG_SETMASK, [], [pid 6355] <... futex resumed>) = 0 [pid 6356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6356] memfd_create("syzkaller", 0 [pid 6355] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6356] <... memfd_create resumed>) = 3 [pid 6356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6356] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6356] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6356] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6356] close(3) = 0 [pid 6356] close(4) = 0 [pid 6356] mkdir("./file2", 0777) = 0 [pid 6356] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6356] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6356] chdir("./file2") = 0 [pid 6356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6356] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6356] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6355] <... futex resumed>) = 0 [pid 6355] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6356] <... futex resumed>) = 0 [pid 6355] <... futex resumed>) = 1 [pid 6356] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6355] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6356] <... openat resumed>) = 4 [pid 6356] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6356] <... futex resumed>) = 0 [pid 6356] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6355] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6356] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6355] <... futex resumed>) = 0 [ 226.977075][ T6356] loop0: detected capacity change from 0 to 256 [ 227.009797][ T6356] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6355] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6355] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6355] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6357 attached [pid 6357] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6355] <... clone3 resumed> => {parent_tid=[6357]}, 88) = 6357 [pid 6357] <... rseq resumed>) = 0 [pid 6357] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6355] rt_sigprocmask(SIG_SETMASK, [], [pid 6357] <... set_robust_list resumed>) = 0 [pid 6355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6357] rt_sigprocmask(SIG_SETMASK, [], [pid 6355] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6355] <... futex resumed>) = 0 [pid 6357] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6355] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6356] <... ioctl resumed>) = 0 [pid 6357] <... openat resumed>) = 5 [pid 6356] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6356] <... futex resumed>) = 0 [pid 6357] <... futex resumed>) = 1 [pid 6356] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6355] <... futex resumed>) = 0 [pid 6357] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6355] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6356] <... futex resumed>) = 0 [pid 6355] <... futex resumed>) = 1 [pid 6355] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6356] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6356] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6355] <... futex resumed>) = 0 [pid 6356] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6355] exit_group(0 [pid 6357] <... futex resumed>) = ? [pid 6356] <... futex resumed>) = ? [pid 6355] <... exit_group resumed>) = ? [pid 6357] +++ exited with 0 +++ [pid 6356] +++ exited with 0 +++ [pid 6355] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6355, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./154", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 227.206931][ T37] audit: type=1800 audit(1753855697.050:154): pid=6357 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=311 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./154/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/binderfs") = 0 umount2("./154/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./154/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./154/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6358 ./strace-static-x86_64: Process 6358 attached [pid 6358] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6358] chdir("./155") = 0 [pid 6358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6358] setpgid(0, 0) = 0 [pid 6358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6358] write(3, "1000", 4) = 4 [pid 6358] close(3) = 0 [pid 6358] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6358] write(1, "executing program\n", 18) = 18 [pid 6358] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6358] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6358] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6358] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6358] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6358] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6359 attached [pid 6359] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6358] <... clone3 resumed> => {parent_tid=[6359]}, 88) = 6359 [pid 6359] <... rseq resumed>) = 0 [pid 6358] rt_sigprocmask(SIG_SETMASK, [], [pid 6359] set_robust_list(0x7f8a95e509a0, 24 [pid 6358] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6359] <... set_robust_list resumed>) = 0 [pid 6358] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6358] <... futex resumed>) = 0 [pid 6359] memfd_create("syzkaller", 0 [pid 6358] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6359] <... memfd_create resumed>) = 3 [pid 6359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6359] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6359] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6359] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6359] close(3) = 0 [pid 6359] close(4) = 0 [pid 6359] mkdir("./file2", 0777) = 0 [pid 6359] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6359] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6359] chdir("./file2") = 0 [pid 6359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6359] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] <... futex resumed>) = 0 [pid 6359] <... futex resumed>) = 1 [pid 6358] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6359] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6358] <... futex resumed>) = 0 [pid 6358] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6359] <... openat resumed>) = 4 [pid 6359] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6359] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6358] <... futex resumed>) = 0 [pid 6358] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6359] <... futex resumed>) = 0 [pid 6358] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 227.682321][ T6359] loop0: detected capacity change from 0 to 256 [ 227.708642][ T6359] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6359] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6358] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6358] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6358] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6358] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6358] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6360 attached [pid 6360] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6358] <... clone3 resumed> => {parent_tid=[6360]}, 88) = 6360 [pid 6360] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6358] rt_sigprocmask(SIG_SETMASK, [], [pid 6360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6358] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6360] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6358] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6360] <... futex resumed>) = 0 [pid 6358] <... futex resumed>) = 1 [pid 6360] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6358] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6359] <... ioctl resumed>) = 0 [pid 6360] <... openat resumed>) = 5 [pid 6359] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6360] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6359] <... futex resumed>) = 0 [pid 6358] <... futex resumed>) = 0 [pid 6359] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] <... futex resumed>) = 1 [pid 6360] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6359] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6358] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6359] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6358] <... futex resumed>) = 0 [pid 6359] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6359] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6359] <... futex resumed>) = 0 [pid 6358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6359] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6358] exit_group(0 [pid 6360] <... futex resumed>) = ? [pid 6359] <... futex resumed>) = ? [pid 6358] <... exit_group resumed>) = ? [pid 6360] +++ exited with 0 +++ [pid 6359] +++ exited with 0 +++ [pid 6358] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6358, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./155", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 227.846712][ T37] audit: type=1800 audit(1753855697.690:155): pid=6360 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=313 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./155/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/binderfs") = 0 umount2("./155/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./155/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./155/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6361 attached [pid 6361] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6361] chdir("./156") = 0 [pid 6361] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6361 [pid 6361] <... prctl resumed>) = 0 [pid 6361] setpgid(0, 0) = 0 [pid 6361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6361] write(3, "1000", 4) = 4 [pid 6361] close(3) = 0 [pid 6361] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6361] write(1, "executing program\n", 18) = 18 [pid 6361] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6361] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6361] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6362 attached [pid 6362] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6362] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6361] <... clone3 resumed> => {parent_tid=[6362]}, 88) = 6362 [pid 6362] rt_sigprocmask(SIG_SETMASK, [], [pid 6361] rt_sigprocmask(SIG_SETMASK, [], [pid 6362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6362] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6361] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] <... futex resumed>) = 0 [pid 6361] <... futex resumed>) = 1 [pid 6362] memfd_create("syzkaller", 0 [pid 6361] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6362] <... memfd_create resumed>) = 3 [pid 6362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6362] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6362] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6362] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6362] close(3) = 0 [pid 6362] close(4) = 0 [pid 6362] mkdir("./file2", 0777) = 0 [pid 6362] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6362] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6362] chdir("./file2") = 0 [pid 6362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6362] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] <... futex resumed>) = 0 [pid 6362] <... futex resumed>) = 1 [pid 6361] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6361] <... futex resumed>) = 0 [pid 6361] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6362] <... openat resumed>) = 4 [pid 6362] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] <... futex resumed>) = 0 [pid 6362] <... futex resumed>) = 1 [pid 6361] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6361] <... futex resumed>) = 0 [ 228.397338][ T6362] loop0: detected capacity change from 0 to 256 [ 228.433877][ T6362] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6361] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6361] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6361] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6363 attached [pid 6363] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6361] <... clone3 resumed> => {parent_tid=[6363]}, 88) = 6363 [pid 6363] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6361] rt_sigprocmask(SIG_SETMASK, [], [pid 6363] <... set_robust_list resumed>) = 0 [pid 6363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6363] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6361] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] <... futex resumed>) = 0 [pid 6361] <... futex resumed>) = 1 [pid 6363] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6361] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6361] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6361] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6364 attached [pid 6364] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6363] <... openat resumed>) = 5 [pid 6362] <... ioctl resumed>) = 0 [pid 6361] <... clone3 resumed> => {parent_tid=[6364]}, 88) = 6364 [pid 6364] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6363] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] <... set_robust_list resumed>) = 0 [pid 6363] <... futex resumed>) = 0 [pid 6362] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] rt_sigprocmask(SIG_SETMASK, [], [pid 6364] rt_sigprocmask(SIG_SETMASK, [], [pid 6363] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6362] <... futex resumed>) = 0 [pid 6362] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6361] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6361] <... futex resumed>) = 0 [pid 6364] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6361] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6361] <... futex resumed>) = 0 [pid 6364] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6361] exit_group(0 [pid 6363] <... futex resumed>) = ? [pid 6362] <... futex resumed>) = ? [pid 6364] <... futex resumed>) = ? [pid 6363] +++ exited with 0 +++ [pid 6364] +++ exited with 0 +++ [pid 6362] +++ exited with 0 +++ [pid 6361] <... exit_group resumed>) = ? [pid 6361] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6361, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./156", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 228.616348][ T37] audit: type=1800 audit(1753855698.460:156): pid=6363 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=315 res=0 errno=0 openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./156/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/binderfs") = 0 umount2("./156/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./156/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./156/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6365 attached [pid 6365] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6365] chdir("./157") = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6365 [pid 6365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6365] setpgid(0, 0) = 0 [pid 6365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6365] write(3, "1000", 4) = 4 [pid 6365] close(3) = 0 [pid 6365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6365] write(1, "executing program\n", 18executing program ) = 18 [pid 6365] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6365] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6366 attached => {parent_tid=[6366]}, 88) = 6366 [pid 6366] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6365] rt_sigprocmask(SIG_SETMASK, [], [pid 6366] <... rseq resumed>) = 0 [pid 6365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6366] set_robust_list(0x7f8a95e509a0, 24 [pid 6365] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... set_robust_list resumed>) = 0 [pid 6365] <... futex resumed>) = 0 [pid 6366] rt_sigprocmask(SIG_SETMASK, [], [pid 6365] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6366] memfd_create("syzkaller", 0) = 3 [pid 6366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6366] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6366] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6366] close(3) = 0 [pid 6366] close(4) = 0 [pid 6366] mkdir("./file2", 0777) = 0 [pid 6366] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6366] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6366] chdir("./file2") = 0 [pid 6366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6366] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... futex resumed>) = 0 [pid 6365] <... futex resumed>) = 1 [pid 6366] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6365] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... openat resumed>) = 4 [pid 6366] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6365] <... futex resumed>) = 0 [pid 6366] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6365] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6366] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 229.116405][ T6366] loop0: detected capacity change from 0 to 256 [ 229.143641][ T6366] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6365] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6365] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6365] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6365] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6367 attached [pid 6367] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6365] <... clone3 resumed> => {parent_tid=[6367]}, 88) = 6367 [pid 6367] <... rseq resumed>) = 0 [pid 6365] rt_sigprocmask(SIG_SETMASK, [], [pid 6367] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6367] rt_sigprocmask(SIG_SETMASK, [], [pid 6365] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6365] <... futex resumed>) = 0 [pid 6367] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6365] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... ioctl resumed>) = 0 [pid 6367] <... openat resumed>) = 5 [pid 6366] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6365] <... futex resumed>) = 0 [pid 6367] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6365] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... futex resumed>) = 0 [pid 6365] <... futex resumed>) = 0 [pid 6366] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6365] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6366] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6365] exit_group(0) = ? [pid 6366] <... futex resumed>) = ? [pid 6367] <... futex resumed>) = ? [pid 6367] +++ exited with 0 +++ [pid 6366] +++ exited with 0 +++ [pid 6365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6365, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./157", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 229.326678][ T37] audit: type=1800 audit(1753855699.170:157): pid=6367 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=317 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./157/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/binderfs") = 0 umount2("./157/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./157/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./157/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6368 attached [pid 6368] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6368] chdir("./158") = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6368 [pid 6368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6368] setpgid(0, 0) = 0 [pid 6368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6368] write(3, "1000", 4) = 4 [pid 6368] close(3) = 0 [pid 6368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6368] write(1, "executing program\n", 18executing program ) = 18 [pid 6368] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6368] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6369 attached => {parent_tid=[6369]}, 88) = 6369 [pid 6369] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6368] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] <... rseq resumed>) = 0 [pid 6368] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6369] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6369] memfd_create("syzkaller", 0) = 3 [pid 6369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6369] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6369] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6369] close(3) = 0 [pid 6369] close(4) = 0 [pid 6369] mkdir("./file2", 0777) = 0 [pid 6369] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6369] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6369] chdir("./file2") = 0 [pid 6369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6369] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6368] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6368] <... futex resumed>) = 0 [pid 6368] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] <... openat resumed>) = 4 [ 229.854233][ T6369] loop0: detected capacity change from 0 to 256 [pid 6369] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6369] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6368] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... futex resumed>) = 0 [pid 6368] <... futex resumed>) = 1 [pid 6368] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 229.899762][ T6369] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6369] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6368] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6368] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6368] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6370 attached [pid 6370] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6368] <... clone3 resumed> => {parent_tid=[6370]}, 88) = 6370 [pid 6370] <... rseq resumed>) = 0 [pid 6368] rt_sigprocmask(SIG_SETMASK, [], [pid 6370] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6370] <... set_robust_list resumed>) = 0 [pid 6368] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6370] rt_sigprocmask(SIG_SETMASK, [], [pid 6368] <... futex resumed>) = 0 [pid 6370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6368] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6370] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6368] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6368] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6368] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6370] <... openat resumed>) = 5 [pid 6369] <... ioctl resumed>) = 0 [pid 6368] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6370] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6368] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6369] <... futex resumed>) = 0 [pid 6370] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6371 attached [pid 6369] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6371] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6368] <... clone3 resumed> => {parent_tid=[6371]}, 88) = 6371 [pid 6368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6368] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6371] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 6371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6371] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6371] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6371] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6368] exit_group(0 [pid 6371] <... futex resumed>) = ? [pid 6368] <... exit_group resumed>) = ? [pid 6370] <... futex resumed>) = ? [pid 6369] <... futex resumed>) = ? [pid 6371] +++ exited with 0 +++ [pid 6370] +++ exited with 0 +++ [pid 6369] +++ exited with 0 +++ [pid 6368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6368, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 230.076517][ T37] audit: type=1800 audit(1753855699.920:158): pid=6370 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=319 res=0 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./158", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./158/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/binderfs") = 0 umount2("./158/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./158/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./158/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6372 ./strace-static-x86_64: Process 6372 attached [pid 6372] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6372] chdir("./159") = 0 [pid 6372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6372] setpgid(0, 0) = 0 [pid 6372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6372] write(3, "1000", 4) = 4 [pid 6372] close(3) = 0 [pid 6372] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6372] write(1, "executing program\n", 18) = 18 [pid 6372] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6372] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6372] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0} => {parent_tid=[6373]}, 88) = 6373 [pid 6372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6372] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6373 attached [pid 6373] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6373] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6373] memfd_create("syzkaller", 0) = 3 [pid 6373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6373] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6373] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6373] close(3) = 0 [pid 6373] close(4) = 0 [pid 6373] mkdir("./file2", 0777) = 0 [pid 6373] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6373] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6373] chdir("./file2") = 0 [pid 6373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6373] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6372] <... futex resumed>) = 0 [pid 6373] <... futex resumed>) = 1 [pid 6372] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6372] <... futex resumed>) = 0 [ 230.508211][ T6373] loop0: detected capacity change from 0 to 256 [pid 6372] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] <... openat resumed>) = 4 [pid 6373] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6373] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... futex resumed>) = 0 [pid 6372] <... futex resumed>) = 1 [pid 6373] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 230.553477][ T6373] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6372] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6372] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6372] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6374 attached [pid 6374] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6372] <... clone3 resumed> => {parent_tid=[6374]}, 88) = 6374 [pid 6374] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6372] rt_sigprocmask(SIG_SETMASK, [], [pid 6374] <... set_robust_list resumed>) = 0 [pid 6374] rt_sigprocmask(SIG_SETMASK, [], [pid 6372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6372] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6374] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6372] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] <... ioctl resumed>) = 0 [pid 6374] <... openat resumed>) = 5 [pid 6374] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6373] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6374] <... futex resumed>) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6374] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... futex resumed>) = 0 [pid 6372] <... futex resumed>) = 1 [pid 6373] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6372] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6373] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6372] <... futex resumed>) = 0 [pid 6373] <... futex resumed>) = 1 [pid 6372] exit_group(0 [pid 6373] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6374] <... futex resumed>) = ? [pid 6372] <... exit_group resumed>) = ? [pid 6374] +++ exited with 0 +++ [pid 6373] +++ exited with 0 +++ [pid 6372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6372, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./159", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./159/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 230.716746][ T37] audit: type=1800 audit(1753855700.560:159): pid=6374 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=321 res=0 errno=0 newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/binderfs") = 0 umount2("./159/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./159/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./159/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6375 attached , child_tidptr=0x55555c67f690) = 6375 [pid 6375] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6375] chdir("./160") = 0 [pid 6375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6375] setpgid(0, 0) = 0 [pid 6375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6375] write(3, "1000", 4) = 4 [pid 6375] close(3) = 0 [pid 6375] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6375] write(1, "executing program\n", 18) = 18 [pid 6375] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6375] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6375] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6376 attached [pid 6376] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6375] <... clone3 resumed> => {parent_tid=[6376]}, 88) = 6376 [pid 6376] set_robust_list(0x7f8a95e509a0, 24 [pid 6375] rt_sigprocmask(SIG_SETMASK, [], [pid 6376] <... set_robust_list resumed>) = 0 [pid 6376] rt_sigprocmask(SIG_SETMASK, [], [pid 6375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6376] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6375] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] memfd_create("syzkaller", 0 [pid 6375] <... futex resumed>) = 0 [pid 6375] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6376] <... memfd_create resumed>) = 3 [pid 6376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6376] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6376] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6376] close(3) = 0 [pid 6376] close(4) = 0 [pid 6376] mkdir("./file2", 0777) = 0 [pid 6376] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6376] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6376] chdir("./file2") = 0 [pid 6376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6376] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6376] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6375] <... futex resumed>) = 0 [pid 6376] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6375] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] <... openat resumed>) = 4 [pid 6376] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [ 231.271441][ T6376] loop0: detected capacity change from 0 to 256 [ 231.299475][ T6376] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6376] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... futex resumed>) = 0 [pid 6375] <... futex resumed>) = 1 [pid 6376] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6375] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6375] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6375] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6377 attached => {parent_tid=[6377]}, 88) = 6377 [pid 6377] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6375] rt_sigprocmask(SIG_SETMASK, [], [pid 6377] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6377] <... set_robust_list resumed>) = 0 [pid 6375] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6377] rt_sigprocmask(SIG_SETMASK, [], [pid 6375] <... futex resumed>) = 0 [pid 6375] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6377] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6377] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6375] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6375] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6377] <... openat resumed>) = 5 [pid 6376] <... ioctl resumed>) = 0 [pid 6375] <... mmap resumed>) = 0x7f8a95dee000 [pid 6377] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 6377] <... futex resumed>) = 0 [pid 6376] <... futex resumed>) = 0 [pid 6377] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6376] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] <... mprotect resumed>) = 0 [pid 6375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6378 attached [pid 6378] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6375] <... clone3 resumed> => {parent_tid=[6378]}, 88) = 6378 [pid 6378] <... rseq resumed>) = 0 [pid 6375] rt_sigprocmask(SIG_SETMASK, [], [pid 6378] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6378] <... set_robust_list resumed>) = 0 [pid 6375] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] rt_sigprocmask(SIG_SETMASK, [], [pid 6375] <... futex resumed>) = 0 [pid 6378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6375] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6378] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6378] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] <... futex resumed>) = 0 [pid 6378] <... futex resumed>) = 1 [pid 6375] exit_group(0 [pid 6377] <... futex resumed>) = ? [pid 6376] <... futex resumed>) = ? [pid 6378] +++ exited with 0 +++ [pid 6377] +++ exited with 0 +++ [pid 6375] <... exit_group resumed>) = ? [pid 6376] +++ exited with 0 +++ [pid 6375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6375, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./160", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 231.506344][ T37] audit: type=1800 audit(1753855701.350:160): pid=6377 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=323 res=0 errno=0 openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./160/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/binderfs") = 0 umount2("./160/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./160/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./160/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6379 attached [pid 6379] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6379 [pid 6379] <... set_robust_list resumed>) = 0 [pid 6379] chdir("./161") = 0 [pid 6379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6379] setpgid(0, 0) = 0 [pid 6379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6379] write(3, "1000", 4) = 4 [pid 6379] close(3) = 0 [pid 6379] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6379] write(1, "executing program\n", 18) = 18 [pid 6379] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6379] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6379] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6379] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6380 attached [pid 6380] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6379] <... clone3 resumed> => {parent_tid=[6380]}, 88) = 6380 [pid 6380] <... rseq resumed>) = 0 [pid 6380] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6379] rt_sigprocmask(SIG_SETMASK, [], [pid 6380] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6380] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6379] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6380] <... futex resumed>) = 0 [pid 6379] <... futex resumed>) = 1 [pid 6380] memfd_create("syzkaller", 0 [pid 6379] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6380] <... memfd_create resumed>) = 3 [pid 6380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6380] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6380] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6380] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6380] close(3) = 0 [pid 6380] close(4) = 0 [pid 6380] mkdir("./file2", 0777) = 0 [pid 6380] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6380] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6380] chdir("./file2") = 0 [pid 6380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6380] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6379] <... futex resumed>) = 0 [pid 6380] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6379] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6379] <... futex resumed>) = 0 [pid 6380] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6379] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6380] <... openat resumed>) = 4 [pid 6380] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6379] <... futex resumed>) = 0 [pid 6380] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6379] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 232.078807][ T6380] loop0: detected capacity change from 0 to 256 [ 232.108755][ T6380] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6379] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6379] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6379] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6381 attached [pid 6381] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6381] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6379] <... clone3 resumed> => {parent_tid=[6381]}, 88) = 6381 [pid 6381] <... set_robust_list resumed>) = 0 [pid 6381] rt_sigprocmask(SIG_SETMASK, [], [pid 6379] rt_sigprocmask(SIG_SETMASK, [], [pid 6381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6381] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6379] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6381] <... futex resumed>) = 0 [pid 6379] <... futex resumed>) = 1 [pid 6381] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6379] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6380] <... ioctl resumed>) = 0 [pid 6380] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6381] <... openat resumed>) = 5 [pid 6380] <... futex resumed>) = 0 [pid 6381] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6380] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6381] <... futex resumed>) = 1 [pid 6381] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6379] <... futex resumed>) = 0 [pid 6379] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6380] <... futex resumed>) = 0 [pid 6379] <... futex resumed>) = 1 [pid 6380] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6379] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6380] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6380] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6379] <... futex resumed>) = 0 [pid 6380] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6379] exit_group(0 [pid 6381] <... futex resumed>) = ? [pid 6379] <... exit_group resumed>) = ? [pid 6381] +++ exited with 0 +++ [pid 6380] <... futex resumed>) = ? [pid 6380] +++ exited with 0 +++ [pid 6379] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6379, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./161", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 232.266910][ T37] audit: type=1800 audit(1753855702.110:161): pid=6381 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=325 res=0 errno=0 openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./161/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/binderfs") = 0 umount2("./161/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./161/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./161/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6382 attached [pid 6382] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6382 [pid 6382] chdir("./162") = 0 [pid 6382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6382] setpgid(0, 0) = 0 [pid 6382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6382] write(3, "1000", 4) = 4 [pid 6382] close(3) = 0 [pid 6382] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6382] write(1, "executing program\n", 18) = 18 [pid 6382] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6382] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6382] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6382] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6383 attached [pid 6383] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6382] <... clone3 resumed> => {parent_tid=[6383]}, 88) = 6383 [pid 6383] <... rseq resumed>) = 0 [pid 6383] set_robust_list(0x7f8a95e509a0, 24 [pid 6382] rt_sigprocmask(SIG_SETMASK, [], [pid 6383] <... set_robust_list resumed>) = 0 [pid 6382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6383] rt_sigprocmask(SIG_SETMASK, [], [pid 6382] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6383] memfd_create("syzkaller", 0 [pid 6382] <... futex resumed>) = 0 [pid 6383] <... memfd_create resumed>) = 3 [pid 6382] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6383] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6383] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6383] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6383] close(3) = 0 [pid 6383] close(4) = 0 [pid 6383] mkdir("./file2", 0777) = 0 [pid 6383] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6383] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6383] chdir("./file2") = 0 [pid 6383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6383] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6383] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6382] <... futex resumed>) = 0 [pid 6383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6382] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6383] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6382] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6383] <... openat resumed>) = 4 [pid 6383] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6382] <... futex resumed>) = 0 [pid 6382] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6382] <... futex resumed>) = 0 [ 232.632572][ T6383] loop0: detected capacity change from 0 to 256 [ 232.660305][ T6383] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6382] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6382] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6382] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6384 attached [pid 6384] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6382] <... clone3 resumed> => {parent_tid=[6384]}, 88) = 6384 [pid 6384] <... rseq resumed>) = 0 [pid 6384] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6384] rt_sigprocmask(SIG_SETMASK, [], [pid 6382] rt_sigprocmask(SIG_SETMASK, [], [pid 6384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6384] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6382] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6384] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6382] <... futex resumed>) = 0 [pid 6382] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6383] <... ioctl resumed>) = 0 [pid 6384] <... openat resumed>) = 5 [pid 6383] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6382] <... futex resumed>) = 0 [pid 6383] <... futex resumed>) = 0 [pid 6384] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6383] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6382] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6383] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6382] <... futex resumed>) = 0 [pid 6383] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6383] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6383] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6382] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6382] exit_group(0 [pid 6384] <... futex resumed>) = ? [pid 6383] <... futex resumed>) = ? [pid 6382] <... exit_group resumed>) = ? [pid 6383] +++ exited with 0 +++ [pid 6384] +++ exited with 0 +++ [pid 6382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6382, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./162", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 232.826728][ T37] audit: type=1800 audit(1753855702.670:162): pid=6384 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=327 res=0 errno=0 openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./162/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/binderfs") = 0 umount2("./162/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./162/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./162/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6385 attached , child_tidptr=0x55555c67f690) = 6385 [pid 6385] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6385] chdir("./163") = 0 [pid 6385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6385] setpgid(0, 0) = 0 [pid 6385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6385] write(3, "1000", 4) = 4 [pid 6385] close(3) = 0 [pid 6385] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6385] write(1, "executing program\n", 18) = 18 [pid 6385] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6385] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6385] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6386 attached [pid 6386] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6385] <... clone3 resumed> => {parent_tid=[6386]}, 88) = 6386 [pid 6386] set_robust_list(0x7f8a95e509a0, 24 [pid 6385] rt_sigprocmask(SIG_SETMASK, [], [pid 6386] <... set_robust_list resumed>) = 0 [pid 6385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6386] rt_sigprocmask(SIG_SETMASK, [], [pid 6385] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6386] memfd_create("syzkaller", 0) = 3 [pid 6386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6386] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6386] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6386] close(3) = 0 [pid 6386] close(4) = 0 [pid 6386] mkdir("./file2", 0777) = 0 [pid 6386] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6386] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6386] chdir("./file2") = 0 [pid 6386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6386] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [ 233.384861][ T6386] loop0: detected capacity change from 0 to 256 [pid 6386] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6386] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... openat resumed>) = 4 [pid 6386] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6386] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 6386] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 233.429624][ T6386] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6385] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6385] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6385] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6387 attached [pid 6387] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6387] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6385] <... clone3 resumed> => {parent_tid=[6387]}, 88) = 6387 [pid 6387] rt_sigprocmask(SIG_SETMASK, [], [pid 6385] rt_sigprocmask(SIG_SETMASK, [], [pid 6387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6387] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 6387] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6385] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... ioctl resumed>) = 0 [pid 6386] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] <... openat resumed>) = 5 [pid 6387] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6387] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... futex resumed>) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6386] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6386] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6386] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] <... futex resumed>) = 0 [pid 6385] exit_group(0 [pid 6387] <... futex resumed>) = ? [pid 6386] <... futex resumed>) = ? [pid 6385] <... exit_group resumed>) = ? [pid 6387] +++ exited with 0 +++ [pid 6386] +++ exited with 0 +++ [pid 6385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6385, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./163", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 233.606636][ T37] audit: type=1800 audit(1753855703.450:163): pid=6387 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=329 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./163/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/binderfs") = 0 umount2("./163/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./163/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./163/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6388 attached [pid 6388] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6388] chdir("./164") = 0 [pid 6388] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6388 [pid 6388] <... prctl resumed>) = 0 [pid 6388] setpgid(0, 0) = 0 [pid 6388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6388] write(3, "1000", 4) = 4 [pid 6388] close(3) = 0 [pid 6388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6388] write(1, "executing program\n", 18executing program ) = 18 [pid 6388] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6388] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6388] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6388] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6389 attached [pid 6389] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6388] <... clone3 resumed> => {parent_tid=[6389]}, 88) = 6389 [pid 6389] <... rseq resumed>) = 0 [pid 6388] rt_sigprocmask(SIG_SETMASK, [], [pid 6389] set_robust_list(0x7f8a95e509a0, 24 [pid 6388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6389] <... set_robust_list resumed>) = 0 [pid 6388] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6388] <... futex resumed>) = 0 [pid 6388] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6389] memfd_create("syzkaller", 0) = 3 [pid 6389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6389] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6389] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6389] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6389] close(3) = 0 [pid 6389] close(4) = 0 [pid 6389] mkdir("./file2", 0777) = 0 [pid 6389] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6389] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6389] chdir("./file2") = 0 [pid 6389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6389] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6389] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6388] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6388] <... futex resumed>) = 0 [pid 6389] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6388] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] <... openat resumed>) = 4 [pid 6389] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6389] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6388] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] <... futex resumed>) = 0 [ 234.127879][ T6389] loop0: detected capacity change from 0 to 256 [ 234.155079][ T6389] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6389] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6388] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6388] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6388] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6388] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6390 attached [pid 6390] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6388] <... clone3 resumed> => {parent_tid=[6390]}, 88) = 6390 [pid 6390] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6390] rt_sigprocmask(SIG_SETMASK, [], [pid 6388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6388] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6390] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6388] <... futex resumed>) = 0 [pid 6388] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6388] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6390] <... openat resumed>) = 5 [pid 6389] <... ioctl resumed>) = 0 [pid 6390] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 6390] <... futex resumed>) = 0 [pid 6389] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6389] <... futex resumed>) = 0 [pid 6388] <... mprotect resumed>) = 0 [pid 6389] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6388] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6391 attached [pid 6391] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6388] <... clone3 resumed> => {parent_tid=[6391]}, 88) = 6391 [pid 6391] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6388] rt_sigprocmask(SIG_SETMASK, [], [pid 6391] <... set_robust_list resumed>) = 0 [pid 6388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6391] rt_sigprocmask(SIG_SETMASK, [], [pid 6388] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6388] <... futex resumed>) = 0 [pid 6388] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6391] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6391] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6391] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6388] exit_group(0 [pid 6391] <... futex resumed>) = ? [pid 6390] <... futex resumed>) = ? [pid 6389] <... futex resumed>) = ? [pid 6388] <... exit_group resumed>) = ? [pid 6391] +++ exited with 0 +++ [pid 6390] +++ exited with 0 +++ [pid 6389] +++ exited with 0 +++ [pid 6388] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6388, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./164", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 234.356476][ T37] audit: type=1800 audit(1753855704.200:164): pid=6390 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=331 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./164/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/binderfs") = 0 umount2("./164/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./164/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./164/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6392 attached , child_tidptr=0x55555c67f690) = 6392 [pid 6392] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6392] chdir("./165") = 0 [pid 6392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6392] setpgid(0, 0) = 0 [pid 6392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6392] write(3, "1000", 4) = 4 [pid 6392] close(3) = 0 [pid 6392] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6392] write(1, "executing program\n", 18) = 18 [pid 6392] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6392] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6392] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6393 attached => {parent_tid=[6393]}, 88) = 6393 [pid 6393] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6392] rt_sigprocmask(SIG_SETMASK, [], [pid 6393] set_robust_list(0x7f8a95e509a0, 24 [pid 6392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6392] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] <... set_robust_list resumed>) = 0 [pid 6393] rt_sigprocmask(SIG_SETMASK, [], [pid 6392] <... futex resumed>) = 0 [pid 6392] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6393] memfd_create("syzkaller", 0) = 3 [pid 6393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6393] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6393] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6393] close(3) = 0 [pid 6393] close(4) = 0 [pid 6393] mkdir("./file2", 0777) = 0 [pid 6393] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6393] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6393] chdir("./file2") = 0 [pid 6393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6393] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6392] <... futex resumed>) = 0 [pid 6393] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6392] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] <... futex resumed>) = 0 [pid 6392] <... futex resumed>) = 1 [pid 6392] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6393] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6393] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6392] <... futex resumed>) = 0 [pid 6393] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6392] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6392] <... futex resumed>) = 0 [pid 6393] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 234.936786][ T6393] loop0: detected capacity change from 0 to 256 [ 234.973324][ T6393] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6392] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6392] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6392] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6394 attached [pid 6394] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6392] <... clone3 resumed> => {parent_tid=[6394]}, 88) = 6394 [pid 6394] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6392] rt_sigprocmask(SIG_SETMASK, [], [pid 6394] <... set_robust_list resumed>) = 0 [pid 6392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6392] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6394] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6392] <... futex resumed>) = 0 [pid 6392] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6394] <... openat resumed>) = 5 [pid 6393] <... ioctl resumed>) = 0 [pid 6394] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6394] <... futex resumed>) = 1 [pid 6393] <... futex resumed>) = 0 [pid 6392] <... futex resumed>) = 0 [pid 6394] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6393] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6392] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6392] <... futex resumed>) = 0 [pid 6393] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6392] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6393] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6393] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... futex resumed>) = 0 [pid 6393] <... futex resumed>) = 1 [pid 6392] exit_group(0 [pid 6393] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6394] <... futex resumed>) = ? [pid 6392] <... exit_group resumed>) = ? [pid 6394] +++ exited with 0 +++ [pid 6393] <... futex resumed>) = ? [pid 6393] +++ exited with 0 +++ [pid 6392] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6392, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./165", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 235.116441][ T37] audit: type=1800 audit(1753855704.960:165): pid=6394 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=333 res=0 errno=0 umount2("./165/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/binderfs") = 0 umount2("./165/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./165/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./165/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6395 attached , child_tidptr=0x55555c67f690) = 6395 [pid 6395] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6395] chdir("./166") = 0 [pid 6395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6395] setpgid(0, 0) = 0 [pid 6395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6395] write(3, "1000", 4) = 4 [pid 6395] close(3) = 0 [pid 6395] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6395] write(1, "executing program\n", 18) = 18 [pid 6395] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6395] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6395] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6395] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6396 attached [pid 6396] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6396] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6395] <... clone3 resumed> => {parent_tid=[6396]}, 88) = 6396 [pid 6396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6395] rt_sigprocmask(SIG_SETMASK, [], [pid 6396] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6395] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6396] memfd_create("syzkaller", 0 [pid 6395] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6396] <... memfd_create resumed>) = 3 [pid 6396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6396] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6396] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6396] close(3) = 0 [pid 6396] close(4) = 0 [pid 6396] mkdir("./file2", 0777) = 0 [pid 6396] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6396] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6396] chdir("./file2") = 0 [pid 6396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6396] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6395] <... futex resumed>) = 0 [pid 6396] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6395] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6395] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6396] <... openat resumed>) = 4 [pid 6396] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6395] <... futex resumed>) = 0 [pid 6395] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 235.622532][ T6396] loop0: detected capacity change from 0 to 256 [ 235.654295][ T6396] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6395] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6395] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6395] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6397 attached [pid 6397] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6397] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6395] <... clone3 resumed> => {parent_tid=[6397]}, 88) = 6397 [pid 6397] <... set_robust_list resumed>) = 0 [pid 6397] rt_sigprocmask(SIG_SETMASK, [], [pid 6395] rt_sigprocmask(SIG_SETMASK, [], [pid 6397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6397] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6395] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6395] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6396] <... ioctl resumed>) = 0 [pid 6396] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] <... openat resumed>) = 5 [pid 6396] <... futex resumed>) = 0 [pid 6396] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6395] <... futex resumed>) = 0 [pid 6395] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6396] <... futex resumed>) = 0 [pid 6395] <... futex resumed>) = 1 [pid 6396] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6395] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6396] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6396] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6395] <... futex resumed>) = 0 [pid 6395] exit_group(0 [pid 6397] <... futex resumed>) = ? [pid 6395] <... exit_group resumed>) = ? [pid 6397] +++ exited with 0 +++ [pid 6396] +++ exited with 0 +++ [pid 6395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6395, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./166", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./166/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 235.826609][ T37] audit: type=1800 audit(1753855705.670:166): pid=6397 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=335 res=0 errno=0 unlink("./166/binderfs") = 0 umount2("./166/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./166/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./166/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6398 attached [pid 6398] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6398] chdir("./167" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6398 [pid 6398] <... chdir resumed>) = 0 [pid 6398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6398] setpgid(0, 0) = 0 [pid 6398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6398] write(3, "1000", 4) = 4 [pid 6398] close(3) = 0 [pid 6398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6398] write(1, "executing program\n", 18executing program ) = 18 [pid 6398] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6398] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6398] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6398] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6399 attached [pid 6399] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6398] <... clone3 resumed> => {parent_tid=[6399]}, 88) = 6399 [pid 6399] set_robust_list(0x7f8a95e509a0, 24 [pid 6398] rt_sigprocmask(SIG_SETMASK, [], [pid 6399] <... set_robust_list resumed>) = 0 [pid 6398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6399] rt_sigprocmask(SIG_SETMASK, [], [pid 6398] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6399] memfd_create("syzkaller", 0 [pid 6398] <... futex resumed>) = 0 [pid 6398] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6399] <... memfd_create resumed>) = 3 [pid 6399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6399] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6399] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6399] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6399] close(3) = 0 [pid 6399] close(4) = 0 [pid 6399] mkdir("./file2", 0777) = 0 [pid 6399] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6399] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6399] chdir("./file2") = 0 [ 236.365201][ T6399] loop0: detected capacity change from 0 to 256 [pid 6399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6399] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6398] <... futex resumed>) = 0 [pid 6399] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6398] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6398] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6399] <... openat resumed>) = 4 [pid 6399] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6398] <... futex resumed>) = 0 [pid 6399] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6398] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] <... futex resumed>) = 0 [pid 6398] <... futex resumed>) = 1 [pid 6399] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 236.414081][ T6399] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6398] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6398] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6398] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6400 attached [pid 6400] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6400] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6398] <... clone3 resumed> => {parent_tid=[6400]}, 88) = 6400 [pid 6400] <... set_robust_list resumed>) = 0 [pid 6398] rt_sigprocmask(SIG_SETMASK, [], [pid 6400] rt_sigprocmask(SIG_SETMASK, [], [pid 6398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6398] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6398] <... futex resumed>) = 0 [pid 6398] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6399] <... ioctl resumed>) = 0 [pid 6399] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] <... openat resumed>) = 5 [pid 6398] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6400] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] <... futex resumed>) = 0 [pid 6400] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6398] <... futex resumed>) = 0 [pid 6398] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6399] <... futex resumed>) = 1 [pid 6398] <... futex resumed>) = 0 [pid 6399] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6398] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=47000000} [pid 6399] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6399] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] <... futex resumed>) = 0 [pid 6399] <... futex resumed>) = 1 [pid 6398] exit_group(0 [pid 6400] <... futex resumed>) = ? [pid 6398] <... exit_group resumed>) = ? [pid 6399] +++ exited with 0 +++ [pid 6400] +++ exited with 0 +++ [pid 6398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6398, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./167", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./167/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/binderfs") = 0 [ 236.606661][ T37] audit: type=1800 audit(1753855706.450:167): pid=6400 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=337 res=0 errno=0 umount2("./167/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./167/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./167/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6401 attached , child_tidptr=0x55555c67f690) = 6401 [pid 6401] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6401] chdir("./168") = 0 [pid 6401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6401] setpgid(0, 0) = 0 [pid 6401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6401] write(3, "1000", 4) = 4 [pid 6401] close(3) = 0 [pid 6401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6401] write(1, "executing program\n", 18executing program ) = 18 [pid 6401] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6401] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6401] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6402 attached => {parent_tid=[6402]}, 88) = 6402 [pid 6402] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6401] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6401] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6402] <... rseq resumed>) = 0 [pid 6402] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6402] memfd_create("syzkaller", 0) = 3 [pid 6402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6402] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6402] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6402] close(3) = 0 [pid 6402] close(4) = 0 [pid 6402] mkdir("./file2", 0777) = 0 [pid 6402] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6402] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6402] chdir("./file2") = 0 [pid 6402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6402] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6402] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6401] <... futex resumed>) = 0 [pid 6401] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] <... futex resumed>) = 0 [pid 6401] <... futex resumed>) = 1 [pid 6402] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6401] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6402] <... openat resumed>) = 4 [pid 6402] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6401] <... futex resumed>) = 0 [pid 6402] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6401] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] <... futex resumed>) = 0 [pid 6401] <... futex resumed>) = 1 [pid 6402] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 237.024822][ T6402] loop0: detected capacity change from 0 to 256 [ 237.047859][ T6402] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6401] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6401] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6401] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6403 attached [pid 6403] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6401] <... clone3 resumed> => {parent_tid=[6403]}, 88) = 6403 [pid 6403] <... rseq resumed>) = 0 [pid 6401] rt_sigprocmask(SIG_SETMASK, [], [pid 6403] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6403] <... set_robust_list resumed>) = 0 [pid 6401] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] rt_sigprocmask(SIG_SETMASK, [], [pid 6401] <... futex resumed>) = 0 [pid 6403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6401] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6401] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6401] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6401] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6401] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6404 attached => {parent_tid=[6404]}, 88) = 6404 [pid 6404] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6403] <... openat resumed>) = 5 [pid 6402] <... ioctl resumed>) = 0 [pid 6401] rt_sigprocmask(SIG_SETMASK, [], [pid 6403] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 6403] <... futex resumed>) = 0 [pid 6402] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6404] rt_sigprocmask(SIG_SETMASK, [], [pid 6403] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] <... futex resumed>) = 0 [pid 6401] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6402] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6401] <... futex resumed>) = 0 [pid 6404] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6401] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6404] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6404] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6401] <... futex resumed>) = 0 [pid 6404] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6401] exit_group(0 [pid 6404] <... futex resumed>) = ? [pid 6403] <... futex resumed>) = ? [pid 6402] <... futex resumed>) = ? [pid 6401] <... exit_group resumed>) = ? [pid 6403] +++ exited with 0 +++ [pid 6402] +++ exited with 0 +++ [pid 6404] +++ exited with 0 +++ [pid 6401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6401, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./168", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 237.236419][ T37] audit: type=1800 audit(1753855707.080:168): pid=6403 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=339 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./168/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/binderfs") = 0 umount2("./168/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./168/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./168/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6405 attached [pid 6405] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6405] chdir("./169" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6405 [pid 6405] <... chdir resumed>) = 0 [pid 6405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6405] setpgid(0, 0) = 0 [pid 6405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6405] write(3, "1000", 4) = 4 [pid 6405] close(3) = 0 [pid 6405] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6405] write(1, "executing program\n", 18) = 18 [pid 6405] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6405] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6405] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6405] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6406 attached [pid 6406] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6405] <... clone3 resumed> => {parent_tid=[6406]}, 88) = 6406 [pid 6406] <... rseq resumed>) = 0 [pid 6405] rt_sigprocmask(SIG_SETMASK, [], [pid 6406] set_robust_list(0x7f8a95e509a0, 24 [pid 6405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6406] <... set_robust_list resumed>) = 0 [pid 6405] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6405] <... futex resumed>) = 0 [pid 6405] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6406] memfd_create("syzkaller", 0) = 3 [pid 6406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6406] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6406] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6406] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6406] close(3) = 0 [pid 6406] close(4) = 0 [pid 6406] mkdir("./file2", 0777) = 0 [pid 6406] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6406] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6406] chdir("./file2") = 0 [pid 6406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6406] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6405] <... futex resumed>) = 0 [pid 6406] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6405] <... futex resumed>) = 0 [pid 6406] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 237.725162][ T6406] loop0: detected capacity change from 0 to 256 [pid 6405] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6406] <... openat resumed>) = 4 [pid 6406] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6405] <... futex resumed>) = 0 [pid 6406] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6405] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6406] <... futex resumed>) = 0 [ 237.758214][ T6406] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6406] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6405] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6405] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6405] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6407 attached [pid 6407] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6407] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6405] <... clone3 resumed> => {parent_tid=[6407]}, 88) = 6407 [pid 6407] <... set_robust_list resumed>) = 0 [pid 6407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6407] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6405] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] <... futex resumed>) = 0 [pid 6405] <... futex resumed>) = 1 [pid 6407] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6405] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6405] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6407] <... openat resumed>) = 5 [pid 6406] <... ioctl resumed>) = 0 [pid 6405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6407] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6407] <... futex resumed>) = 0 [pid 6406] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] <... mmap resumed>) = 0x7f8a95dee000 [pid 6407] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6408 attached [pid 6408] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6405] <... clone3 resumed> => {parent_tid=[6408]}, 88) = 6408 [pid 6405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6405] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6405] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6408] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 6408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6408] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6408] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6405] <... futex resumed>) = 0 [pid 6408] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] exit_group(0 [pid 6408] <... futex resumed>) = ? [pid 6407] <... futex resumed>) = ? [pid 6406] <... futex resumed>) = ? [pid 6405] <... exit_group resumed>) = ? [pid 6408] +++ exited with 0 +++ [pid 6407] +++ exited with 0 +++ [pid 6406] +++ exited with 0 +++ [pid 6405] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6405, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 237.936443][ T37] audit: type=1800 audit(1753855707.780:169): pid=6407 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=341 res=0 errno=0 umount2("./169", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./169/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/binderfs") = 0 umount2("./169/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./169/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./169/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6409 attached [pid 6409] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6409] chdir("./170") = 0 [pid 6409] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6409 [pid 6409] <... prctl resumed>) = 0 [pid 6409] setpgid(0, 0) = 0 [pid 6409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6409] write(3, "1000", 4) = 4 [pid 6409] close(3) = 0 [pid 6409] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6409] write(1, "executing program\n", 18) = 18 [pid 6409] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6409] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6410 attached [pid 6410] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6409] <... clone3 resumed> => {parent_tid=[6410]}, 88) = 6410 [pid 6410] <... rseq resumed>) = 0 [pid 6409] rt_sigprocmask(SIG_SETMASK, [], [pid 6410] set_robust_list(0x7f8a95e509a0, 24 [pid 6409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6410] <... set_robust_list resumed>) = 0 [pid 6409] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] rt_sigprocmask(SIG_SETMASK, [], [pid 6409] <... futex resumed>) = 0 [pid 6410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6409] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6410] memfd_create("syzkaller", 0) = 3 [pid 6410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6410] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6410] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6410] close(3) = 0 [pid 6410] close(4) = 0 [pid 6410] mkdir("./file2", 0777) = 0 [pid 6410] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6410] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6410] chdir("./file2") = 0 [ 238.560264][ T6410] loop0: detected capacity change from 0 to 256 [pid 6410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6410] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6410] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] <... futex resumed>) = 0 [pid 6409] <... futex resumed>) = 1 [pid 6410] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6409] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] <... openat resumed>) = 4 [pid 6410] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] <... futex resumed>) = 0 [pid 6410] <... futex resumed>) = 1 [pid 6409] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6409] <... futex resumed>) = 0 [ 238.600622][ T6410] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6409] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6409] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6409] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6411 attached [pid 6411] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6411] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6409] <... clone3 resumed> => {parent_tid=[6411]}, 88) = 6411 [pid 6411] <... set_robust_list resumed>) = 0 [pid 6409] rt_sigprocmask(SIG_SETMASK, [], [pid 6411] rt_sigprocmask(SIG_SETMASK, [], [pid 6409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6409] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6411] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6409] <... futex resumed>) = 0 [pid 6409] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] <... ioctl resumed>) = 0 [pid 6411] <... openat resumed>) = 5 [pid 6410] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6411] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] <... futex resumed>) = 0 [pid 6411] <... futex resumed>) = 1 [pid 6410] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] <... futex resumed>) = 0 [pid 6411] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] <... futex resumed>) = 0 [pid 6409] <... futex resumed>) = 1 [pid 6410] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6409] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6410] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6410] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] exit_group(0 [pid 6411] <... futex resumed>) = ? [pid 6410] <... futex resumed>) = ? [pid 6409] <... exit_group resumed>) = ? [pid 6411] +++ exited with 0 +++ [pid 6410] +++ exited with 0 +++ [pid 6409] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6409, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./170", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 238.796620][ T37] audit: type=1800 audit(1753855708.640:170): pid=6411 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=343 res=0 errno=0 umount2("./170/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/binderfs") = 0 umount2("./170/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./170/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./170/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6412 attached , child_tidptr=0x55555c67f690) = 6412 [pid 6412] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6412] chdir("./171") = 0 [pid 6412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6412] setpgid(0, 0) = 0 [pid 6412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6412] write(3, "1000", 4) = 4 [pid 6412] close(3) = 0 [pid 6412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6412] write(1, "executing program\n", 18executing program ) = 18 [pid 6412] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6412] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6412] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6412] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6413 attached [pid 6413] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6412] <... clone3 resumed> => {parent_tid=[6413]}, 88) = 6413 [pid 6413] <... rseq resumed>) = 0 [pid 6412] rt_sigprocmask(SIG_SETMASK, [], [pid 6413] set_robust_list(0x7f8a95e509a0, 24 [pid 6412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6413] <... set_robust_list resumed>) = 0 [pid 6412] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6412] <... futex resumed>) = 0 [pid 6413] memfd_create("syzkaller", 0 [pid 6412] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6413] <... memfd_create resumed>) = 3 [pid 6413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6413] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6413] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6413] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6413] close(3) = 0 [pid 6413] close(4) = 0 [pid 6413] mkdir("./file2", 0777) = 0 [pid 6413] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6413] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6413] chdir("./file2") = 0 [pid 6413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 239.303315][ T6413] loop0: detected capacity change from 0 to 256 [pid 6413] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6412] <... futex resumed>) = 0 [pid 6413] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6412] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6412] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6413] <... futex resumed>) = 0 [pid 6413] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6413] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6412] <... futex resumed>) = 0 [pid 6413] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6412] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 239.342400][ T6413] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6412] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6412] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6412] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6412] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6414 attached [pid 6414] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6412] <... clone3 resumed> => {parent_tid=[6414]}, 88) = 6414 [pid 6414] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6412] rt_sigprocmask(SIG_SETMASK, [], [pid 6414] <... set_robust_list resumed>) = 0 [pid 6414] rt_sigprocmask(SIG_SETMASK, [], [pid 6412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6412] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6414] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6412] <... futex resumed>) = 0 [pid 6412] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6414] <... openat resumed>) = 5 [pid 6413] <... ioctl resumed>) = 0 [pid 6414] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6413] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6414] <... futex resumed>) = 0 [pid 6413] <... futex resumed>) = 0 [pid 6414] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6412] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6412] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6413] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6413] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6412] <... futex resumed>) = 0 [pid 6413] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6412] exit_group(0 [pid 6414] <... futex resumed>) = ? [pid 6413] <... futex resumed>) = ? [pid 6412] <... exit_group resumed>) = ? [pid 6414] +++ exited with 0 +++ [pid 6413] +++ exited with 0 +++ [pid 6412] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6412, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./171", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 239.546523][ T37] audit: type=1800 audit(1753855709.390:171): pid=6414 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=345 res=0 errno=0 openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./171/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/binderfs") = 0 umount2("./171/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./171/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./171/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6415 attached [pid 6415] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6415 [pid 6415] chdir("./172") = 0 [pid 6415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6415] setpgid(0, 0) = 0 [pid 6415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6415] write(3, "1000", 4) = 4 [pid 6415] close(3) = 0 [pid 6415] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6415] write(1, "executing program\n", 18) = 18 [pid 6415] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6415] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6415] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6415] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6415] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6415] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6416 attached [pid 6416] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6415] <... clone3 resumed> => {parent_tid=[6416]}, 88) = 6416 [pid 6416] set_robust_list(0x7f8a95e509a0, 24 [pid 6415] rt_sigprocmask(SIG_SETMASK, [], [pid 6416] <... set_robust_list resumed>) = 0 [pid 6415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6415] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6416] memfd_create("syzkaller", 0 [pid 6415] <... futex resumed>) = 0 [pid 6415] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6416] <... memfd_create resumed>) = 3 [pid 6416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6416] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6416] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6416] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6416] close(3) = 0 [pid 6416] close(4) = 0 [pid 6416] mkdir("./file2", 0777) = 0 [pid 6416] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6416] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6416] chdir("./file2") = 0 [pid 6416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6416] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6415] <... futex resumed>) = 0 [pid 6415] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6416] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6415] <... futex resumed>) = 0 [pid 6415] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6416] <... openat resumed>) = 4 [pid 6416] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6415] <... futex resumed>) = 0 [pid 6416] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6415] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6416] <... futex resumed>) = 0 [pid 6415] <... futex resumed>) = 1 [pid 6416] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 240.089929][ T6416] loop0: detected capacity change from 0 to 256 [ 240.110887][ T6416] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6415] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6415] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6415] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6415] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6415] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6417 attached [pid 6417] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6415] <... clone3 resumed> => {parent_tid=[6417]}, 88) = 6417 [pid 6417] <... rseq resumed>) = 0 [pid 6417] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6415] rt_sigprocmask(SIG_SETMASK, [], [pid 6417] rt_sigprocmask(SIG_SETMASK, [], [pid 6415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6417] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6415] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6415] <... futex resumed>) = 0 [pid 6415] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6416] <... ioctl resumed>) = 0 [pid 6416] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... openat resumed>) = 5 [pid 6416] <... futex resumed>) = 0 [pid 6416] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6417] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6415] <... futex resumed>) = 0 [pid 6417] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6415] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6416] <... futex resumed>) = 0 [pid 6415] <... futex resumed>) = 1 [pid 6415] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6416] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6416] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6415] <... futex resumed>) = 0 [pid 6416] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6415] exit_group(0 [pid 6417] <... futex resumed>) = ? [pid 6416] <... futex resumed>) = ? [pid 6415] <... exit_group resumed>) = ? [pid 6417] +++ exited with 0 +++ [pid 6416] +++ exited with 0 +++ [pid 6415] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6415, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./172", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./172/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./172/binderfs") = 0 [ 240.266684][ T37] audit: type=1800 audit(1753855710.110:172): pid=6417 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=347 res=0 errno=0 umount2("./172/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./172/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./172/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6418 attached , child_tidptr=0x55555c67f690) = 6418 [pid 6418] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6418] chdir("./173") = 0 [pid 6418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6418] setpgid(0, 0) = 0 [pid 6418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6418] write(3, "1000", 4) = 4 [pid 6418] close(3) = 0 [pid 6418] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6418] write(1, "executing program\n", 18) = 18 [pid 6418] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6418] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6418] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6418] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6418] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6419 attached => {parent_tid=[6419]}, 88) = 6419 [pid 6419] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6418] rt_sigprocmask(SIG_SETMASK, [], [pid 6419] <... rseq resumed>) = 0 [pid 6418] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6419] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6418] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] rt_sigprocmask(SIG_SETMASK, [], [pid 6418] <... futex resumed>) = 0 [pid 6419] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6418] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6419] memfd_create("syzkaller", 0) = 3 [pid 6419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6419] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6419] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6419] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6419] close(3) = 0 [pid 6419] close(4) = 0 [pid 6419] mkdir("./file2", 0777) = 0 [pid 6419] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6419] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6419] chdir("./file2") = 0 [pid 6419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6419] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6418] <... futex resumed>) = 0 [pid 6419] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6418] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6418] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6419] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6419] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6418] <... futex resumed>) = 0 [pid 6419] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6418] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] <... futex resumed>) = 0 [pid 6419] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6418] <... futex resumed>) = 1 [ 240.706777][ T6419] loop0: detected capacity change from 0 to 256 [ 240.745341][ T6419] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6418] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6418] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6418] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6418] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6420 attached [pid 6420] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6420] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6418] <... clone3 resumed> => {parent_tid=[6420]}, 88) = 6420 [pid 6420] <... set_robust_list resumed>) = 0 [pid 6418] rt_sigprocmask(SIG_SETMASK, [], [pid 6420] rt_sigprocmask(SIG_SETMASK, [], [pid 6418] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6418] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6420] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6418] <... futex resumed>) = 0 [pid 6418] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6418] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6418] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6418] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6421 attached [pid 6421] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6418] <... clone3 resumed> => {parent_tid=[6421]}, 88) = 6421 [pid 6421] <... rseq resumed>) = 0 [pid 6418] rt_sigprocmask(SIG_SETMASK, [], [pid 6421] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6418] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6421] <... set_robust_list resumed>) = 0 [pid 6421] rt_sigprocmask(SIG_SETMASK, [], [pid 6418] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6418] <... futex resumed>) = 0 [pid 6421] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6418] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6421] <... pwritev2 resumed>) = -1 EBADF (Bad file descriptor) [pid 6421] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6421] <... futex resumed>) = 0 [pid 6421] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6420] <... openat resumed>) = 5 [pid 6419] <... ioctl resumed>) = 0 [pid 6420] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6420] <... futex resumed>) = 0 [pid 6419] <... futex resumed>) = 0 [pid 6419] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6420] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6418] exit_group(0 [pid 6419] <... futex resumed>) = ? [pid 6419] +++ exited with 0 +++ [pid 6421] <... futex resumed>) = ? [pid 6420] <... futex resumed>) = ? [pid 6418] <... exit_group resumed>) = ? [pid 6421] +++ exited with 0 +++ [pid 6420] +++ exited with 0 +++ [pid 6418] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6418, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./173", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 240.976580][ T37] audit: type=1800 audit(1753855710.820:173): pid=6420 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=349 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./173/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/binderfs") = 0 umount2("./173/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./173/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./173/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6422 ./strace-static-x86_64: Process 6422 attached [pid 6422] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6422] chdir("./174") = 0 [pid 6422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6422] setpgid(0, 0) = 0 [pid 6422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6422] write(3, "1000", 4) = 4 [pid 6422] close(3) = 0 [pid 6422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6422] write(1, "executing program\n", 18executing program ) = 18 [pid 6422] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6422] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6422] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6423 attached [pid 6423] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6422] <... clone3 resumed> => {parent_tid=[6423]}, 88) = 6423 [pid 6423] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6422] rt_sigprocmask(SIG_SETMASK, [], [pid 6423] rt_sigprocmask(SIG_SETMASK, [], [pid 6422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6422] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6422] <... futex resumed>) = 0 [pid 6423] memfd_create("syzkaller", 0 [pid 6422] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6423] <... memfd_create resumed>) = 3 [pid 6423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6423] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6423] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6423] close(3) = 0 [pid 6423] close(4) = 0 [pid 6423] mkdir("./file2", 0777) = 0 [pid 6423] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6423] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6423] chdir("./file2") = 0 [pid 6423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6423] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6422] <... futex resumed>) = 0 [pid 6423] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6422] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6422] <... futex resumed>) = 0 [pid 6423] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6422] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] <... openat resumed>) = 4 [pid 6423] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6422] <... futex resumed>) = 0 [pid 6423] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6422] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 241.446130][ T6423] loop0: detected capacity change from 0 to 256 [pid 6423] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6422] <... futex resumed>) = 0 [ 241.491108][ T6423] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6422] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6422] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6422] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6424 attached => {parent_tid=[6424]}, 88) = 6424 [pid 6424] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6422] rt_sigprocmask(SIG_SETMASK, [], [pid 6424] <... rseq resumed>) = 0 [pid 6422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6422] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6424] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6422] <... futex resumed>) = 0 [pid 6424] rt_sigprocmask(SIG_SETMASK, [], [pid 6422] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6424] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6423] <... ioctl resumed>) = 0 [pid 6423] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6424] <... openat resumed>) = 5 [pid 6424] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... futex resumed>) = 0 [pid 6424] <... futex resumed>) = 1 [pid 6423] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6424] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6422] <... futex resumed>) = 0 [pid 6422] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... futex resumed>) = 0 [pid 6422] <... futex resumed>) = 1 [pid 6423] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6422] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6423] <... futex resumed>) = 0 [pid 6422] exit_group(0 [pid 6423] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6424] <... futex resumed>) = ? [pid 6423] <... futex resumed>) = ? [pid 6422] <... exit_group resumed>) = ? [pid 6424] +++ exited with 0 +++ [pid 6423] +++ exited with 0 +++ [pid 6422] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6422, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./174", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 241.646616][ T37] audit: type=1800 audit(1753855711.490:174): pid=6424 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=351 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./174/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/binderfs") = 0 umount2("./174/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./174/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./174/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6425 attached , child_tidptr=0x55555c67f690) = 6425 [pid 6425] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6425] chdir("./175") = 0 [pid 6425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6425] setpgid(0, 0) = 0 [pid 6425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6425] write(3, "1000", 4) = 4 [pid 6425] close(3) = 0 [pid 6425] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6425] write(1, "executing program\n", 18) = 18 [pid 6425] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6425] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6425] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6425] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6426 attached [pid 6426] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6425] <... clone3 resumed> => {parent_tid=[6426]}, 88) = 6426 [pid 6426] set_robust_list(0x7f8a95e509a0, 24 [pid 6425] rt_sigprocmask(SIG_SETMASK, [], [pid 6426] <... set_robust_list resumed>) = 0 [pid 6425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6426] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6425] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6425] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6426] <... futex resumed>) = 0 [pid 6426] memfd_create("syzkaller", 0) = 3 [pid 6426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6426] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6426] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6426] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6426] close(3) = 0 [pid 6426] close(4) = 0 [pid 6426] mkdir("./file2", 0777) = 0 [pid 6426] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6426] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6426] chdir("./file2") = 0 [pid 6426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6426] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6425] <... futex resumed>) = 0 [pid 6425] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... futex resumed>) = 0 [pid 6425] <... futex resumed>) = 1 [pid 6426] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6425] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6426] <... openat resumed>) = 4 [pid 6426] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6425] <... futex resumed>) = 0 [pid 6426] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6425] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6425] <... futex resumed>) = 0 [pid 6426] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 242.242700][ T6426] loop0: detected capacity change from 0 to 256 [ 242.265433][ T6426] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6425] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6425] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6425] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6427 attached [pid 6427] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6425] <... clone3 resumed> => {parent_tid=[6427]}, 88) = 6427 [pid 6427] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6425] rt_sigprocmask(SIG_SETMASK, [], [pid 6427] <... set_robust_list resumed>) = 0 [pid 6425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6427] rt_sigprocmask(SIG_SETMASK, [], [pid 6425] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6425] <... futex resumed>) = 0 [pid 6427] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6425] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6425] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6425] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6428 attached [pid 6428] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6425] <... clone3 resumed> => {parent_tid=[6428]}, 88) = 6428 [pid 6428] <... rseq resumed>) = 0 [pid 6425] rt_sigprocmask(SIG_SETMASK, [], [pid 6428] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6428] <... set_robust_list resumed>) = 0 [pid 6428] rt_sigprocmask(SIG_SETMASK, [], [pid 6425] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6425] <... futex resumed>) = 0 [pid 6428] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6425] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6428] <... pwritev2 resumed>) = -1 EBADF (Bad file descriptor) [pid 6428] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6427] <... openat resumed>) = 5 [pid 6426] <... ioctl resumed>) = 0 [pid 6428] <... futex resumed>) = 1 [pid 6427] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] <... futex resumed>) = 0 [pid 6428] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6427] <... futex resumed>) = 0 [pid 6425] exit_group(0 [pid 6426] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] <... exit_group resumed>) = ? [pid 6428] <... futex resumed>) = ? [pid 6427] +++ exited with 0 +++ [pid 6426] <... futex resumed>) = ? [pid 6428] +++ exited with 0 +++ [pid 6426] +++ exited with 0 +++ [pid 6425] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6425, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./175", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 242.476469][ T37] audit: type=1800 audit(1753855712.320:175): pid=6427 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=353 res=0 errno=0 umount2("./175/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/binderfs") = 0 umount2("./175/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./175/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./175/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c67f690) = 6429 ./strace-static-x86_64: Process 6429 attached [pid 6429] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6429] chdir("./176") = 0 [pid 6429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6429] setpgid(0, 0) = 0 [pid 6429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6429] write(3, "1000", 4) = 4 [pid 6429] close(3) = 0 [pid 6429] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6429] write(1, "executing program\n", 18) = 18 [pid 6429] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6429] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6429] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6430 attached [pid 6430] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6429] <... clone3 resumed> => {parent_tid=[6430]}, 88) = 6430 [pid 6430] <... rseq resumed>) = 0 [pid 6429] rt_sigprocmask(SIG_SETMASK, [], [pid 6430] set_robust_list(0x7f8a95e509a0, 24 [pid 6429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6430] <... set_robust_list resumed>) = 0 [pid 6429] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] rt_sigprocmask(SIG_SETMASK, [], [pid 6429] <... futex resumed>) = 0 [pid 6430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6429] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6430] memfd_create("syzkaller", 0) = 3 [pid 6430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6430] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6430] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6430] close(3) = 0 [pid 6430] close(4) = 0 [pid 6430] mkdir("./file2", 0777) = 0 [pid 6430] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6430] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6430] chdir("./file2") = 0 [pid 6430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6430] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] <... futex resumed>) = 0 [pid 6430] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6429] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6429] <... futex resumed>) = 0 [pid 6430] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6429] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] <... openat resumed>) = 4 [pid 6430] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... futex resumed>) = 0 [pid 6430] <... futex resumed>) = 1 [pid 6429] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6429] <... futex resumed>) = 0 [ 242.926714][ T6430] loop0: detected capacity change from 0 to 256 [ 242.951859][ T6430] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6429] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6429] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6429] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6431 attached => {parent_tid=[6431]}, 88) = 6431 [pid 6431] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6429] rt_sigprocmask(SIG_SETMASK, [], [pid 6431] <... rseq resumed>) = 0 [pid 6429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6431] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6429] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6431] <... set_robust_list resumed>) = 0 [pid 6429] <... futex resumed>) = 0 [pid 6431] rt_sigprocmask(SIG_SETMASK, [], [pid 6429] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6431] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6430] <... ioctl resumed>) = 0 [pid 6430] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6431] <... openat resumed>) = 5 [pid 6431] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6429] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6429] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6431] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6430] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6430] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] <... futex resumed>) = 0 [pid 6430] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6429] exit_group(0 [pid 6431] <... futex resumed>) = ? [pid 6430] <... futex resumed>) = ? [pid 6429] <... exit_group resumed>) = ? [pid 6431] +++ exited with 0 +++ [pid 6430] +++ exited with 0 +++ [pid 6429] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6429, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./176", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 243.136827][ T37] audit: type=1800 audit(1753855712.980:176): pid=6431 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=355 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./176/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/binderfs") = 0 umount2("./176/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./176/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./176/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6432 attached [pid 6432] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6432] chdir("./177" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6432 [pid 6432] <... chdir resumed>) = 0 [pid 6432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6432] setpgid(0, 0) = 0 [pid 6432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6432] write(3, "1000", 4) = 4 [pid 6432] close(3) = 0 [pid 6432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6432] write(1, "executing program\n", 18executing program ) = 18 [pid 6432] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6432] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6432] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6433 attached [pid 6433] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6432] <... clone3 resumed> => {parent_tid=[6433]}, 88) = 6433 [pid 6432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6433] set_robust_list(0x7f8a95e509a0, 24 [pid 6432] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6433] <... set_robust_list resumed>) = 0 [pid 6433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6433] memfd_create("syzkaller", 0) = 3 [pid 6433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6433] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6433] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6433] close(3) = 0 [pid 6433] close(4) = 0 [pid 6433] mkdir("./file2", 0777) = 0 [pid 6433] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6433] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6433] chdir("./file2") = 0 [pid 6433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6433] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6432] <... futex resumed>) = 0 [pid 6433] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6432] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6433] <... futex resumed>) = 0 [pid 6432] <... futex resumed>) = 1 [pid 6433] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6432] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6433] <... openat resumed>) = 4 [pid 6433] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6432] <... futex resumed>) = 0 [pid 6433] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6432] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 243.706325][ T6433] loop0: detected capacity change from 0 to 256 [pid 6432] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 243.749220][ T6433] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6433] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6432] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6432] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6432] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6434 attached [pid 6434] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6432] <... clone3 resumed> => {parent_tid=[6434]}, 88) = 6434 [pid 6434] <... rseq resumed>) = 0 [pid 6432] rt_sigprocmask(SIG_SETMASK, [], [pid 6434] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6434] <... set_robust_list resumed>) = 0 [pid 6434] rt_sigprocmask(SIG_SETMASK, [], [pid 6432] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6432] <... futex resumed>) = 0 [pid 6434] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6432] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6432] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6434] <... openat resumed>) = 5 [pid 6433] <... ioctl resumed>) = 0 [pid 6434] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6434] <... futex resumed>) = 0 [pid 6433] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6432] <... mmap resumed>) = 0x7f8a95dee000 [pid 6434] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6433] <... futex resumed>) = 0 [pid 6432] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE [pid 6433] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6432] <... mprotect resumed>) = 0 [pid 6432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6435 attached [pid 6435] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6435] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 6432] <... clone3 resumed> => {parent_tid=[6435]}, 88) = 6435 [pid 6435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6432] rt_sigprocmask(SIG_SETMASK, [], [pid 6435] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6432] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6432] <... futex resumed>) = 0 [pid 6435] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6432] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6435] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6435] <... futex resumed>) = 0 [pid 6432] exit_group(0 [pid 6435] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6434] <... futex resumed>) = ? [pid 6433] <... futex resumed>) = ? [pid 6435] +++ exited with 0 +++ [pid 6434] +++ exited with 0 +++ [pid 6433] +++ exited with 0 +++ [pid 6432] <... exit_group resumed>) = ? [pid 6432] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6432, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./177", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 243.936358][ T37] audit: type=1800 audit(1753855713.780:177): pid=6434 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=357 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./177/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/binderfs") = 0 umount2("./177/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./177/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./177/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6436 attached , child_tidptr=0x55555c67f690) = 6436 [pid 6436] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6436] chdir("./178") = 0 [pid 6436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6436] setpgid(0, 0) = 0 [pid 6436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6436] write(3, "1000", 4) = 4 [pid 6436] close(3) = 0 [pid 6436] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6436] write(1, "executing program\n", 18) = 18 [pid 6436] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6436] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6436] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6437 attached [pid 6437] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6436] <... clone3 resumed> => {parent_tid=[6437]}, 88) = 6437 [pid 6437] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6436] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] rt_sigprocmask(SIG_SETMASK, [], [pid 6436] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6437] memfd_create("syzkaller", 0) = 3 [pid 6437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6437] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6437] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6437] close(3) = 0 [pid 6437] close(4) = 0 [pid 6437] mkdir("./file2", 0777) = 0 [pid 6437] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6437] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6437] chdir("./file2") = 0 [pid 6437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6437] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6436] <... futex resumed>) = 0 [pid 6437] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6436] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6437] <... openat resumed>) = 4 [pid 6437] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6436] <... futex resumed>) = 0 [pid 6436] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6437] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6436] <... futex resumed>) = 0 [ 244.409155][ T6437] loop0: detected capacity change from 0 to 256 [ 244.438698][ T6437] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6436] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6436] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6436] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6438 attached => {parent_tid=[6438]}, 88) = 6438 [pid 6438] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6436] rt_sigprocmask(SIG_SETMASK, [], [pid 6438] <... rseq resumed>) = 0 [pid 6436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6438] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6436] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6438] <... set_robust_list resumed>) = 0 [pid 6436] <... futex resumed>) = 0 [pid 6438] rt_sigprocmask(SIG_SETMASK, [], [pid 6436] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6438] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6436] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6436] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6436] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6439 attached [pid 6439] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6439] set_robust_list(0x7f8a95e0e9a0, 24) = 0 [pid 6439] rt_sigprocmask(SIG_SETMASK, [], [pid 6436] <... clone3 resumed> => {parent_tid=[6439]}, 88) = 6439 [pid 6439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6436] rt_sigprocmask(SIG_SETMASK, [], [pid 6439] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6436] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] <... futex resumed>) = 0 [pid 6436] <... futex resumed>) = 1 [pid 6439] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EBADF (Bad file descriptor) [pid 6436] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6439] <... futex resumed>) = 0 [pid 6439] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] <... openat resumed>) = 5 [pid 6437] <... ioctl resumed>) = 0 [pid 6438] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6438] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6437] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] exit_group(0 [pid 6437] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6439] <... futex resumed>) = ? [pid 6438] <... futex resumed>) = ? [pid 6437] <... futex resumed>) = ? [pid 6436] <... exit_group resumed>) = ? [pid 6439] +++ exited with 0 +++ [pid 6438] +++ exited with 0 +++ [pid 6437] +++ exited with 0 +++ [pid 6436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6436, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./178", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./178/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/binderfs") = 0 umount2("./178/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 244.636943][ T37] audit: type=1800 audit(1753855714.480:178): pid=6438 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=359 res=0 errno=0 umount2("./178/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./178/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6440 attached [pid 6440] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6440 [pid 6440] <... set_robust_list resumed>) = 0 [pid 6440] chdir("./179") = 0 [pid 6440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6440] setpgid(0, 0) = 0 [pid 6440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6440] write(3, "1000", 4) = 4 [pid 6440] close(3) = 0 [pid 6440] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6440] write(1, "executing program\n", 18) = 18 [pid 6440] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6440] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6440] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6440] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6440] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6440] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6441 attached [pid 6441] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6440] <... clone3 resumed> => {parent_tid=[6441]}, 88) = 6441 [pid 6441] <... rseq resumed>) = 0 [pid 6440] rt_sigprocmask(SIG_SETMASK, [], [pid 6441] set_robust_list(0x7f8a95e509a0, 24 [pid 6440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6441] <... set_robust_list resumed>) = 0 [pid 6440] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6440] <... futex resumed>) = 0 [pid 6441] memfd_create("syzkaller", 0 [pid 6440] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6441] <... memfd_create resumed>) = 3 [pid 6441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6441] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6441] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6441] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6441] close(3) = 0 [pid 6441] close(4) = 0 [pid 6441] mkdir("./file2", 0777) = 0 [pid 6441] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6441] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6441] chdir("./file2") = 0 [pid 6441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6441] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6440] <... futex resumed>) = 0 [ 245.059193][ T6441] loop0: detected capacity change from 0 to 256 [pid 6441] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6440] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6440] <... futex resumed>) = 0 [pid 6441] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6440] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6441] <... openat resumed>) = 4 [pid 6441] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6440] <... futex resumed>) = 0 [pid 6441] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6440] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6440] <... futex resumed>) = 0 [pid 6441] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 245.098136][ T6441] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6440] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6440] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6440] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6440] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6440] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6442 attached [pid 6442] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6440] <... clone3 resumed> => {parent_tid=[6442]}, 88) = 6442 [pid 6442] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6440] rt_sigprocmask(SIG_SETMASK, [], [pid 6442] <... set_robust_list resumed>) = 0 [pid 6440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6442] rt_sigprocmask(SIG_SETMASK, [], [pid 6440] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6440] <... futex resumed>) = 0 [pid 6442] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6440] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6440] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6440] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95dee000 [pid 6440] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6440] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6440] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6443 attached => {parent_tid=[6443]}, 88) = 6443 [pid 6443] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053) = 0 [pid 6440] rt_sigprocmask(SIG_SETMASK, [], [pid 6443] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6443] <... set_robust_list resumed>) = 0 [pid 6443] rt_sigprocmask(SIG_SETMASK, [], [pid 6440] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6443] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6440] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6443] <... pwritev2 resumed>) = -1 EBADF (Bad file descriptor) [pid 6443] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6440] <... futex resumed>) = 0 [pid 6443] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6442] <... openat resumed>) = 5 [pid 6441] <... ioctl resumed>) = 0 [pid 6442] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6441] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] exit_group(0 [pid 6442] <... futex resumed>) = ? [pid 6440] <... exit_group resumed>) = ? [pid 6442] +++ exited with 0 +++ [pid 6443] <... futex resumed>) = ? [pid 6441] <... futex resumed>) = ? [pid 6443] +++ exited with 0 +++ [pid 6441] +++ exited with 0 +++ [pid 6440] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6440, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./179", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 245.356493][ T37] audit: type=1800 audit(1753855715.200:179): pid=6442 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=361 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./179/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/binderfs") = 0 umount2("./179/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./179/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./179/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6444 attached , child_tidptr=0x55555c67f690) = 6444 [pid 6444] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6444] chdir("./180") = 0 [pid 6444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6444] setpgid(0, 0) = 0 [pid 6444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6444] write(3, "1000", 4) = 4 [pid 6444] close(3) = 0 [pid 6444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6444] write(1, "executing program\n", 18executing program ) = 18 [pid 6444] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6444] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6445 attached [pid 6445] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6444] <... clone3 resumed> => {parent_tid=[6445]}, 88) = 6445 [pid 6445] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6444] rt_sigprocmask(SIG_SETMASK, [], [pid 6445] rt_sigprocmask(SIG_SETMASK, [], [pid 6444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6445] memfd_create("syzkaller", 0 [pid 6444] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6445] <... memfd_create resumed>) = 3 [pid 6445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6445] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6445] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6445] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6445] close(3) = 0 [pid 6445] close(4) = 0 [pid 6445] mkdir("./file2", 0777) = 0 [pid 6445] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6445] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6445] chdir("./file2") = 0 [pid 6445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6445] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] <... futex resumed>) = 0 [ 245.984949][ T6445] loop0: detected capacity change from 0 to 256 [pid 6444] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6445] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6445] <... openat resumed>) = 4 [pid 6445] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] <... futex resumed>) = 0 [pid 6445] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 246.031622][ T6445] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6445] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6444] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6444] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6444] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6446 attached => {parent_tid=[6446]}, 88) = 6446 [pid 6446] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6446] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6444] rt_sigprocmask(SIG_SETMASK, [], [pid 6446] <... set_robust_list resumed>) = 0 [pid 6444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6446] rt_sigprocmask(SIG_SETMASK, [], [pid 6444] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6444] <... futex resumed>) = 0 [pid 6446] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6444] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6445] <... ioctl resumed>) = 0 [pid 6445] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6446] <... openat resumed>) = 5 [pid 6446] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6445] <... futex resumed>) = 0 [pid 6446] <... futex resumed>) = 1 [pid 6445] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6446] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6445] <... futex resumed>) = 0 [pid 6444] <... futex resumed>) = 1 [pid 6445] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6444] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6445] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6445] <... futex resumed>) = 0 [pid 6444] exit_group(0 [pid 6445] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6446] <... futex resumed>) = ? [pid 6445] <... futex resumed>) = ? [pid 6444] <... exit_group resumed>) = ? [pid 6446] +++ exited with 0 +++ [pid 6445] +++ exited with 0 +++ [pid 6444] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6444, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./180", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 246.206519][ T37] audit: type=1800 audit(1753855716.050:180): pid=6446 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=363 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./180/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/binderfs") = 0 umount2("./180/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./180/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./180/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6447 attached , child_tidptr=0x55555c67f690) = 6447 [pid 6447] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6447] chdir("./181") = 0 [pid 6447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6447] setpgid(0, 0) = 0 [pid 6447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6447] write(3, "1000", 4) = 4 [pid 6447] close(3) = 0 [pid 6447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6447] write(1, "executing program\n", 18executing program ) = 18 [pid 6447] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6447] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6447] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6447] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6448 attached [pid 6448] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6447] <... clone3 resumed> => {parent_tid=[6448]}, 88) = 6448 [pid 6448] set_robust_list(0x7f8a95e509a0, 24 [pid 6447] rt_sigprocmask(SIG_SETMASK, [], [pid 6448] <... set_robust_list resumed>) = 0 [pid 6448] rt_sigprocmask(SIG_SETMASK, [], [pid 6447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6448] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6447] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] memfd_create("syzkaller", 0 [pid 6447] <... futex resumed>) = 0 [pid 6447] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6448] <... memfd_create resumed>) = 3 [pid 6448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6448] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6448] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6448] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6448] close(3) = 0 [pid 6448] close(4) = 0 [pid 6448] mkdir("./file2", 0777) = 0 [pid 6448] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6448] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6448] chdir("./file2") = 0 [pid 6448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6448] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = 0 [pid 6448] <... futex resumed>) = 1 [pid 6447] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6448] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6447] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] <... openat resumed>) = 4 [pid 6448] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6447] <... futex resumed>) = 0 [pid 6448] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6447] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6448] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6447] <... futex resumed>) = 0 [ 246.807979][ T6448] loop0: detected capacity change from 0 to 256 [ 246.844238][ T6448] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6447] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6447] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6447] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6449 attached [pid 6449] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6447] <... clone3 resumed> => {parent_tid=[6449]}, 88) = 6449 [pid 6449] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6447] rt_sigprocmask(SIG_SETMASK, [], [pid 6449] <... set_robust_list resumed>) = 0 [pid 6447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6449] rt_sigprocmask(SIG_SETMASK, [], [pid 6447] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6449] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6447] <... futex resumed>) = 0 [pid 6447] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6449] <... openat resumed>) = 5 [pid 6448] <... ioctl resumed>) = 0 [pid 6449] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6449] <... futex resumed>) = 0 [pid 6448] <... futex resumed>) = 0 [pid 6447] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6449] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6448] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6447] <... futex resumed>) = 0 [pid 6448] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6447] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6447] <... futex resumed>) = 0 [pid 6448] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6447] exit_group(0 [pid 6449] <... futex resumed>) = ? [pid 6448] <... futex resumed>) = ? [pid 6447] <... exit_group resumed>) = ? [pid 6449] +++ exited with 0 +++ [pid 6448] +++ exited with 0 +++ [pid 6447] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6447, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./181", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 247.026522][ T37] audit: type=1800 audit(1753855716.870:181): pid=6449 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=365 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./181/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/binderfs") = 0 umount2("./181/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./181/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./181/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6450 attached , child_tidptr=0x55555c67f690) = 6450 [pid 6450] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6450] chdir("./182") = 0 [pid 6450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6450] setpgid(0, 0) = 0 [pid 6450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6450] write(3, "1000", 4) = 4 [pid 6450] close(3) = 0 [pid 6450] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6450] write(1, "executing program\n", 18) = 18 [pid 6450] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6450] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6450] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6451 attached => {parent_tid=[6451]}, 88) = 6451 [pid 6451] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6451] <... rseq resumed>) = 0 [pid 6450] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6451] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6451] memfd_create("syzkaller", 0) = 3 [pid 6451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6451] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6451] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6451] close(3) = 0 [pid 6451] close(4) = 0 [pid 6451] mkdir("./file2", 0777) = 0 [pid 6451] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6451] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6451] chdir("./file2") = 0 [pid 6451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6451] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6451] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6450] <... futex resumed>) = 0 [pid 6451] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6450] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] <... openat resumed>) = 4 [pid 6451] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6451] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6450] <... futex resumed>) = 0 [pid 6451] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 247.620440][ T6451] loop0: detected capacity change from 0 to 256 [ 247.651081][ T6451] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6450] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6450] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6450] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6452 attached [pid 6452] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6450] <... clone3 resumed> => {parent_tid=[6452]}, 88) = 6452 [pid 6452] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6450] rt_sigprocmask(SIG_SETMASK, [], [pid 6452] <... set_robust_list resumed>) = 0 [pid 6450] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6450] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6452] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] <... ioctl resumed>) = 0 [pid 6451] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6450] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6451] <... futex resumed>) = 0 [pid 6452] <... openat resumed>) = 5 [pid 6451] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6452] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6450] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6452] <... futex resumed>) = 0 [pid 6451] <... pwritev2 resumed>) = -1 EBADF (Bad file descriptor) [pid 6450] <... futex resumed>) = 0 [pid 6452] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6451] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6450] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] <... futex resumed>) = 0 [pid 6451] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6450] exit_group(0 [pid 6452] <... futex resumed>) = ? [pid 6451] <... futex resumed>) = ? [pid 6450] <... exit_group resumed>) = ? [pid 6451] +++ exited with 0 +++ [pid 6452] +++ exited with 0 +++ [pid 6450] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6450, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./182", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 247.846949][ T37] audit: type=1800 audit(1753855717.690:182): pid=6452 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=367 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./182/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/binderfs") = 0 umount2("./182/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./182/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./182/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6453 attached [pid 6453] set_robust_list(0x55555c67f6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6453 [pid 6453] <... set_robust_list resumed>) = 0 [pid 6453] chdir("./183") = 0 [pid 6453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6453] setpgid(0, 0) = 0 [pid 6453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6453] write(3, "1000", 4) = 4 [pid 6453] close(3) = 0 [pid 6453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6453] write(1, "executing program\n", 18executing program ) = 18 [pid 6453] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6453] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6453] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6454 attached [pid 6454] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6454] set_robust_list(0x7f8a95e509a0, 24 [pid 6453] <... clone3 resumed> => {parent_tid=[6454]}, 88) = 6454 [pid 6454] <... set_robust_list resumed>) = 0 [pid 6453] rt_sigprocmask(SIG_SETMASK, [], [pid 6454] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6454] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6453] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6454] memfd_create("syzkaller", 0 [pid 6453] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6454] <... memfd_create resumed>) = 3 [pid 6454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6454] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6454] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6454] close(3) = 0 [pid 6454] close(4) = 0 [pid 6454] mkdir("./file2", 0777) = 0 [pid 6454] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6454] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6454] chdir("./file2") = 0 [pid 6454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6454] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6454] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6453] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] <... openat resumed>) = 4 [pid 6454] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6454] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 248.367943][ T6454] loop0: detected capacity change from 0 to 256 [ 248.402499][ T6454] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6454] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6453] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6453] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6453] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6455 attached [pid 6455] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6455] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6453] <... clone3 resumed> => {parent_tid=[6455]}, 88) = 6455 [pid 6455] rt_sigprocmask(SIG_SETMASK, [], [pid 6453] rt_sigprocmask(SIG_SETMASK, [], [pid 6455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6455] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6453] <... futex resumed>) = 0 [pid 6455] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6453] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] <... ioctl resumed>) = 0 [pid 6455] <... openat resumed>) = 5 [pid 6454] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6455] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6453] <... futex resumed>) = 0 [pid 6454] <... futex resumed>) = 0 [pid 6455] <... futex resumed>) = 1 [pid 6454] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6455] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6454] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6454] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6454] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] exit_group(0) = ? [pid 6454] <... futex resumed>) = ? [pid 6455] <... futex resumed>) = ? [pid 6454] +++ exited with 0 +++ [pid 6455] +++ exited with 0 +++ [pid 6453] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6453, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./183", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 [ 248.566686][ T37] audit: type=1800 audit(1753855718.410:183): pid=6455 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=369 res=0 errno=0 umount2("./183/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/binderfs") = 0 umount2("./183/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./183/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./183/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6456 attached [pid 6456] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6456 [pid 6456] chdir("./184") = 0 [pid 6456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6456] setpgid(0, 0) = 0 [pid 6456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6456] write(3, "1000", 4) = 4 [pid 6456] close(3) = 0 [pid 6456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6456] write(1, "executing program\n", 18executing program ) = 18 [pid 6456] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6456] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6456] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6456] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6457 attached [pid 6457] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6456] <... clone3 resumed> => {parent_tid=[6457]}, 88) = 6457 [pid 6457] set_robust_list(0x7f8a95e509a0, 24 [pid 6456] rt_sigprocmask(SIG_SETMASK, [], [pid 6457] <... set_robust_list resumed>) = 0 [pid 6456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6456] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] memfd_create("syzkaller", 0 [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6457] <... memfd_create resumed>) = 3 [pid 6457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6457] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6457] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6457] close(3) = 0 [pid 6457] close(4) = 0 [pid 6457] mkdir("./file2", 0777) = 0 [pid 6457] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6457] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6457] chdir("./file2") = 0 [pid 6457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6457] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6457] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6456] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6457] <... futex resumed>) = 0 [pid 6457] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6457] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6456] <... futex resumed>) = 0 [pid 6457] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6456] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 249.059219][ T6457] loop0: detected capacity change from 0 to 256 [ 249.087263][ T6457] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6456] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6456] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6456] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6456] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6458 attached [pid 6458] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6456] <... clone3 resumed> => {parent_tid=[6458]}, 88) = 6458 [pid 6458] set_robust_list(0x7f8a95e2f9a0, 24) = 0 [pid 6456] rt_sigprocmask(SIG_SETMASK, [], [pid 6458] rt_sigprocmask(SIG_SETMASK, [], [pid 6456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6456] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6457] <... ioctl resumed>) = 0 [pid 6458] <... openat resumed>) = 5 [pid 6457] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] <... futex resumed>) = 0 [pid 6456] <... futex resumed>) = 0 [pid 6458] <... futex resumed>) = 1 [pid 6457] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6458] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6456] <... futex resumed>) = 0 [pid 6457] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6456] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6457] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6457] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6457] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] <... futex resumed>) = 0 [pid 6456] exit_group(0 [pid 6457] <... futex resumed>) = ? [pid 6456] <... exit_group resumed>) = ? [pid 6458] <... futex resumed>) = ? [pid 6457] +++ exited with 0 +++ [pid 6458] +++ exited with 0 +++ [pid 6456] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6456, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./184", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 249.256495][ T37] audit: type=1800 audit(1753855719.100:184): pid=6458 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=371 res=0 errno=0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./184/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/binderfs") = 0 umount2("./184/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./184/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./184/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6459 attached , child_tidptr=0x55555c67f690) = 6459 [pid 6459] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6459] chdir("./185") = 0 [pid 6459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6459] setpgid(0, 0) = 0 [pid 6459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6459] write(3, "1000", 4) = 4 [pid 6459] close(3) = 0 [pid 6459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6459] write(1, "executing program\n", 18executing program ) = 18 [pid 6459] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6459] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6460 attached [pid 6460] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053) = 0 [pid 6460] set_robust_list(0x7f8a95e509a0, 24 [pid 6459] <... clone3 resumed> => {parent_tid=[6460]}, 88) = 6460 [pid 6460] <... set_robust_list resumed>) = 0 [pid 6459] rt_sigprocmask(SIG_SETMASK, [], [pid 6460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6460] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6459] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6460] memfd_create("syzkaller", 0) = 3 [pid 6460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6460] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6460] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6460] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6460] close(3) = 0 [pid 6460] close(4) = 0 [pid 6460] mkdir("./file2", 0777) = 0 [pid 6460] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6460] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6460] chdir("./file2") = 0 [pid 6460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6460] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6460] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... futex resumed>) = 0 [pid 6459] <... futex resumed>) = 1 [pid 6459] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6460] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6460] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6459] <... futex resumed>) = 0 [ 249.679653][ T6460] loop0: detected capacity change from 0 to 256 [ 249.714469][ T6460] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6459] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6459] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6459] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6461 attached [pid 6461] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6459] <... clone3 resumed> => {parent_tid=[6461]}, 88) = 6461 [pid 6461] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6459] rt_sigprocmask(SIG_SETMASK, [], [pid 6461] <... set_robust_list resumed>) = 0 [pid 6461] rt_sigprocmask(SIG_SETMASK, [], [pid 6459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6459] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6461] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6459] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6461] <... openat resumed>) = 5 [pid 6460] <... ioctl resumed>) = 0 [pid 6459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6461] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6459] <... mmap resumed>) = 0x7f8a95dee000 [pid 6461] <... futex resumed>) = 0 [pid 6460] <... futex resumed>) = 0 [pid 6461] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6460] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6459] mprotect(0x7f8a95def000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e0e990, parent_tid=0x7f8a95e0e990, exit_signal=0, stack=0x7f8a95dee000, stack_size=0x20300, tls=0x7f8a95e0e6c0}./strace-static-x86_64: Process 6462 attached [pid 6462] rseq(0x7f8a95e0efe0, 0x20, 0, 0x53053053 [pid 6459] <... clone3 resumed> => {parent_tid=[6462]}, 88) = 6462 [pid 6462] <... rseq resumed>) = 0 [pid 6459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6459] futex(0x7f8a95f246e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6462] set_robust_list(0x7f8a95e0e9a0, 24 [pid 6459] <... futex resumed>) = 0 [pid 6462] <... set_robust_list resumed>) = 0 [pid 6459] futex(0x7f8a95f246ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6462] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0) = -1 EIO (Input/output error) [pid 6462] futex(0x7f8a95f246ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6462] futex(0x7f8a95f246e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6459] exit_group(0 [pid 6462] <... futex resumed>) = ? [pid 6460] <... futex resumed>) = ? [pid 6462] +++ exited with 0 +++ [pid 6461] <... futex resumed>) = ? [pid 6460] +++ exited with 0 +++ [pid 6461] +++ exited with 0 +++ [pid 6459] <... exit_group resumed>) = ? [pid 6459] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6459, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./185", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./185/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./185/binderfs") = 0 [ 249.916576][ T37] audit: type=1800 audit(1753855719.760:185): pid=6461 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=373 res=0 errno=0 umount2("./185/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./185/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./185/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6463 attached [pid 6463] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 6463] chdir("./186" [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6463 [pid 6463] <... chdir resumed>) = 0 [pid 6463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6463] setpgid(0, 0) = 0 [pid 6463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6463] write(3, "1000", 4) = 4 [pid 6463] close(3) = 0 [pid 6463] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6463] write(1, "executing program\n", 18executing program ) = 18 [pid 6463] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6463] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6463] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6463] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6463] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6463] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0} => {parent_tid=[6464]}, 88) = 6464 ./strace-static-x86_64: Process 6464 attached [pid 6464] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6463] rt_sigprocmask(SIG_SETMASK, [], [pid 6464] <... rseq resumed>) = 0 [pid 6463] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6463] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6464] set_robust_list(0x7f8a95e509a0, 24) = 0 [pid 6463] <... futex resumed>) = 0 [pid 6464] rt_sigprocmask(SIG_SETMASK, [], [pid 6463] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6464] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6464] memfd_create("syzkaller", 0) = 3 [pid 6464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6464] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6464] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6464] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6464] close(3) = 0 [pid 6464] close(4) = 0 [pid 6464] mkdir("./file2", 0777) = 0 [pid 6464] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6464] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6464] chdir("./file2") = 0 [pid 6464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6464] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6463] <... futex resumed>) = 0 [pid 6464] <... futex resumed>) = 1 [pid 6464] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6463] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6463] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6464] <... openat resumed>) = 4 [ 250.284546][ T6464] loop0: detected capacity change from 0 to 256 [pid 6464] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6463] <... futex resumed>) = 0 [pid 6464] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6463] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6464] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6463] <... futex resumed>) = 0 [ 250.328880][ T6464] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6463] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6463] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6463] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6463] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6463] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6465 attached => {parent_tid=[6465]}, 88) = 6465 [pid 6465] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053) = 0 [pid 6463] rt_sigprocmask(SIG_SETMASK, [], [pid 6465] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6463] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6465] <... set_robust_list resumed>) = 0 [pid 6463] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6465] rt_sigprocmask(SIG_SETMASK, [], [pid 6463] <... futex resumed>) = 0 [pid 6465] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6465] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200 [pid 6463] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6464] <... ioctl resumed>) = 0 [pid 6465] <... openat resumed>) = 5 [pid 6464] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6465] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6464] <... futex resumed>) = 0 [pid 6465] <... futex resumed>) = 1 [pid 6464] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6463] <... futex resumed>) = 0 [pid 6465] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6463] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6464] <... futex resumed>) = 0 [pid 6463] <... futex resumed>) = 1 [pid 6464] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6463] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6464] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6464] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6464] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6463] <... futex resumed>) = 0 [pid 6463] exit_group(0 [pid 6465] <... futex resumed>) = ? [pid 6464] <... futex resumed>) = ? [pid 6463] <... exit_group resumed>) = ? [pid 6465] +++ exited with 0 +++ [pid 6464] +++ exited with 0 +++ [pid 6463] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6463, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./186", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 250.486577][ T37] audit: type=1800 audit(1753855720.330:186): pid=6465 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor264" name="file2" dev="loop0" ino=375 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./186/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/binderfs") = 0 umount2("./186/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./186/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./186/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c688770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c688770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/file2") = 0 getdents64(3, 0x55555c680730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6466 attached [pid 6466] set_robust_list(0x55555c67f6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55555c67f690) = 6466 [pid 6466] chdir("./187") = 0 [pid 6466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6466] setpgid(0, 0) = 0 [pid 6466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6466] write(3, "1000", 4) = 4 [pid 6466] close(3) = 0 [pid 6466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6466] write(1, "executing program\n", 18executing program ) = 18 [pid 6466] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6466] rt_sigaction(SIGRT_1, {sa_handler=0x7f8a95ec2070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8a95eb3220}, NULL, 8) = 0 [pid 6466] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e30000 [pid 6466] mprotect(0x7f8a95e31000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e50990, parent_tid=0x7f8a95e50990, exit_signal=0, stack=0x7f8a95e30000, stack_size=0x20300, tls=0x7f8a95e506c0}./strace-static-x86_64: Process 6467 attached [pid 6467] rseq(0x7f8a95e50fe0, 0x20, 0, 0x53053053 [pid 6466] <... clone3 resumed> => {parent_tid=[6467]}, 88) = 6467 [pid 6467] <... rseq resumed>) = 0 [pid 6466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6466] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6467] set_robust_list(0x7f8a95e509a0, 24 [pid 6466] <... futex resumed>) = 0 [pid 6467] <... set_robust_list resumed>) = 0 [pid 6467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6466] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6467] memfd_create("syzkaller", 0) = 3 [pid 6467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a8da30000 [pid 6467] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6467] munmap(0x7f8a8da30000, 138412032) = 0 [pid 6467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6467] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6467] close(3) = 0 [pid 6467] close(4) = 0 [pid 6467] mkdir("./file2", 0777) = 0 [pid 6467] mount("/dev/loop0", "./file2", "exfat", 0, "") = 0 [pid 6467] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6467] chdir("./file2") = 0 [pid 6467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6467] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6466] <... futex resumed>) = 0 [pid 6467] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6466] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6466] <... futex resumed>) = 0 [pid 6467] openat(AT_FDCWD, "blkio.bfq.dequeue", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 250.936104][ T6467] loop0: detected capacity change from 0 to 256 [pid 6466] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6467] <... openat resumed>) = 4 [pid 6467] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6466] <... futex resumed>) = 0 [pid 6467] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6466] futex(0x7f8a95f246c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6467] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6466] <... futex resumed>) = 0 [ 250.983089][ T6467] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [pid 6466] futex(0x7f8a95f246cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6466] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8a95e0f000 [pid 6466] mprotect(0x7f8a95e10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8a95e2f990, parent_tid=0x7f8a95e2f990, exit_signal=0, stack=0x7f8a95e0f000, stack_size=0x20300, tls=0x7f8a95e2f6c0}./strace-static-x86_64: Process 6468 attached => {parent_tid=[6468]}, 88) = 6468 [pid 6468] rseq(0x7f8a95e2ffe0, 0x20, 0, 0x53053053 [pid 6466] rt_sigprocmask(SIG_SETMASK, [], [pid 6468] <... rseq resumed>) = 0 [pid 6468] set_robust_list(0x7f8a95e2f9a0, 24 [pid 6466] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6468] <... set_robust_list resumed>) = 0 [pid 6466] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6468] rt_sigprocmask(SIG_SETMASK, [], [pid 6466] <... futex resumed>) = 0 [pid 6466] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6468] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 0200) = 5 [pid 6468] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6466] <... futex resumed>) = 0 [pid 6466] futex(0x7f8a95f246d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6466] <... futex resumed>) = 0 [pid 6468] pwritev2(5, [{iov_base="\xff\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=44030}], 1, 21509, 0 [pid 6466] futex(0x7f8a95f246dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6468] <... pwritev2 resumed>) = 7163 [pid 6468] futex(0x7f8a95f246dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6466] <... futex resumed>) = 0 [ 251.097204][ T6468] exFAT-fs (loop0): error, invalid access to FAT (entry 0xffffffff) [ 251.097224][ T6468] exFAT-fs (loop0): Filesystem has been set read-only [pid 6468] futex(0x7f8a95f246d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6467] <... ioctl resumed>) = 0 [pid 6467] futex(0x7f8a95f246cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6467] futex(0x7f8a95f246c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6466] exit_group(0 [pid 6467] <... futex resumed>) = ? [pid 6468] <... futex resumed>) = ? [pid 6466] <... exit_group resumed>) = ? [pid 6467] +++ exited with 0 +++ [pid 6468] +++ exited with 0 +++ [pid 6466] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6466, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./187", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c680730 /* 4 entries */, 32768) = 112 umount2("./187/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./187/binderfs") = 0 umount2("./187/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./187/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 251.306202][ T9] ------------[ cut here ]------------ [ 251.306221][ T9] WARNING: CPU: 0 PID: 9 at kernel/rcu/sync.c:177 rcu_sync_dtor+0xcd/0x180 [ 251.306265][ T9] Modules linked in: [ 251.306298][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Tainted: G W 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT_{RT,(full)} [ 251.306323][ T9] Tainted: [W]=WARN [ 251.306329][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 251.306340][ T9] Workqueue: events destroy_super_work [ 251.306362][ T9] RIP: 0010:rcu_sync_dtor+0xcd/0x180 [ 251.306385][ T9] Code: 18 e8 47 c3 00 00 43 0f b6 44 25 00 84 c0 0f 85 82 00 00 00 83 3b 00 75 1f 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 90 <0f> 0b 90 e9 66 ff ff ff 90 0f 0b 90 eb 8a 90 0f 0b 90 eb db 89 d9 [ 251.306398][ T9] RSP: 0018:ffffc900000e79e8 EFLAGS: 00010246 [ 251.306411][ T9] RAX: 0000000000000002 RBX: ffff88803549a338 RCX: fc14e17df1fabd00 [ 251.306423][ T9] RDX: 0000000000000000 RSI: ffffffff8b61e160 RDI: ffff88803549a338 [ 251.306434][ T9] RBP: 000000000000019f R08: 0000000000000000 R09: 0000000000000000 [ 251.306443][ T9] R10: dffffc0000000000 R11: fffffbfff1ac9b52 R12: dffffc0000000000 [ 251.306455][ T9] R13: 1ffff11006a93467 R14: ffff88803549a338 R15: dffffc0000000000 [ 251.306467][ T9] FS: 0000000000000000(0000) GS:ffff888126b23000(0000) knlGS:0000000000000000 [ 251.306480][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 251.306491][ T9] CR2: 00007f8a95ed7b50 CR3: 000000003b260000 CR4: 00000000003526f0 [ 251.306505][ T9] Call Trace: [ 251.306511][ T9] [ 251.306521][ T9] percpu_free_rwsem+0x43/0x80 [ 251.306544][ T9] destroy_super_work+0xee/0x130 [ 251.306564][ T9] ? process_scheduled_works+0x9ef/0x17b0 [ 251.306586][ T9] process_scheduled_works+0xade/0x17b0 [ 251.306627][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 251.306659][ T9] worker_thread+0x8a0/0xda0 [ 251.306699][ T9] kthread+0x70e/0x8a0 [ 251.306726][ T9] ? __pfx_worker_thread+0x10/0x10 [ 251.306745][ T9] ? __pfx_kthread+0x10/0x10 [ 251.306773][ T9] ? __pfx_kthread+0x10/0x10 [ 251.306797][ T9] ret_from_fork+0x3f9/0x770 [ 251.306820][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 251.306845][ T9] ? __switch_to_asm+0x39/0x70 [ 251.306858][ T9] ? __switch_to_asm+0x33/0x70 [ 251.306871][ T9] ? __pfx_kthread+0x10/0x10 [ 251.306896][ T9] ret_from_fork_asm+0x1a/0x30 [ 251.306927][ T9] [ 251.306938][ T9] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 251.306951][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Tainted: G W 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT_{RT,(full)} [ 251.306972][ T9] Tainted: [W]=WARN [ 251.306977][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 251.306987][ T9] Workqueue: events destroy_super_work [ 251.307006][ T9] Call Trace: [ 251.307012][ T9] [ 251.307018][ T9] dump_stack_lvl+0x99/0x250 [ 251.307041][ T9] ? __asan_memcpy+0x40/0x70 [ 251.307059][ T9] ? __pfx_dump_stack_lvl+0x10/0x10 [ 251.307081][ T9] ? __pfx__printk+0x10/0x10 [ 251.307108][ T9] panic+0x2db/0x790 [ 251.307135][ T9] ? __pfx_panic+0x10/0x10 [ 251.307156][ T9] ? show_trace_log_lvl+0x4fb/0x550 [ 251.307230][ T9] ? ret_from_fork_asm+0x1a/0x30 [ 251.307250][ T9] __warn+0x31b/0x4b0 [ 251.307271][ T9] ? rcu_sync_dtor+0xcd/0x180 [ 251.307295][ T9] ? rcu_sync_dtor+0xcd/0x180 [ 251.307317][ T9] report_bug+0x2be/0x4f0 [ 251.307335][ T9] ? rcu_sync_dtor+0xcd/0x180 [ 251.307357][ T9] ? rcu_sync_dtor+0xcd/0x180 [ 251.307379][ T9] ? rcu_sync_dtor+0xcf/0x180 [ 251.307401][ T9] handle_bug+0x84/0x160 [ 251.307423][ T9] exc_invalid_op+0x1a/0x50 [ 251.307445][ T9] asm_exc_invalid_op+0x1a/0x20 [ 251.307463][ T9] RIP: 0010:rcu_sync_dtor+0xcd/0x180 [ 251.307485][ T9] Code: 18 e8 47 c3 00 00 43 0f b6 44 25 00 84 c0 0f 85 82 00 00 00 83 3b 00 75 1f 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 90 <0f> 0b 90 e9 66 ff ff ff 90 0f 0b 90 eb 8a 90 0f 0b 90 eb db 89 d9 [ 251.307497][ T9] RSP: 0018:ffffc900000e79e8 EFLAGS: 00010246 [ 251.307509][ T9] RAX: 0000000000000002 RBX: ffff88803549a338 RCX: fc14e17df1fabd00 [ 251.307520][ T9] RDX: 0000000000000000 RSI: ffffffff8b61e160 RDI: ffff88803549a338 [ 251.307530][ T9] RBP: 000000000000019f R08: 0000000000000000 R09: 0000000000000000 [ 251.307539][ T9] R10: dffffc0000000000 R11: fffffbfff1ac9b52 R12: dffffc0000000000 [ 251.307551][ T9] R13: 1ffff11006a93467 R14: ffff88803549a338 R15: dffffc0000000000 [ 251.307578][ T9] percpu_free_rwsem+0x43/0x80 [ 251.307599][ T9] destroy_super_work+0xee/0x130 [ 251.307618][ T9] ? process_scheduled_works+0x9ef/0x17b0 [ 251.307638][ T9] process_scheduled_works+0xade/0x17b0 [ 251.307678][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 251.307709][ T9] worker_thread+0x8a0/0xda0 [ 251.307748][ T9] kthread+0x70e/0x8a0 [ 251.307773][ T9] ? __pfx_worker_thread+0x10/0x10 [ 251.307799][ T9] ? __pfx_kthread+0x10/0x10 [ 251.307826][ T9] ? __pfx_kthread+0x10/0x10 [ 251.307851][ T9] ret_from_fork+0x3f9/0x770 [ 251.307873][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 251.307898][ T9] ? __switch_to_asm+0x39/0x70 [ 251.307911][ T9] ? __switch_to_asm+0x33/0x70 [ 251.307924][ T9] ? __pfx_kthread+0x10/0x10 [ 251.307948][ T9] ret_from_fork_asm+0x1a/0x30 [ 251.307974][ T9] [ 251.308319][ T9] Kernel Offset: disabled